Apple Watch: Start Your Developer Engines

Today the first batch of Apple Watches should start shipping to those lucky few. So I thought it would be nice to have an overview of WatchKit, the development platform from Apple that allows you to build Apps for the Apple Watch.

The Architecture

So as it stands at the moment, true native apps cannot be built for the Apple Watch. These have been promised for sometime in 2015, and it may be that we will see the first sign of these at this year’s WWDC.

Instead, the apps you build rely heavily on the iPhone paired with the watch.

Any app you build essentially has two halves.

  • One half lives on the Apple Watch. This is your WatchKit App. It handles the user interface and any user interaction but, very importantly, does not run any code. In fact, you could say the Apple Watch behaves like a second screen to the iPhone.
  • The other half is a WatchKit extension that lives in the corresponding iPhone app. It’s this app that runs all of your code. It’s responsible for deciding what to display on the Apple Watch, what actions to perform when the user interacts with the Apple Watch, etc.

What’s clever about this setup is that when you design your app in Xcode, you design the Apple Watch screens as you would any local iPhone screen. When the app is then running, WatchKit automatically handles all the communication between the two devices over Bluetooth.

WatchKit Apps

Your app on the Apple Watch contains a full user interface. Users can launch, control, and interact with your app in ways unique to Apple Watch.

Apple supply quite a few controls that allow you to build up your user interface including:

  • Labels
  • Tables
  • Buttons
  • Switches
  • Sliders
  • Date and Timers
  • Maps

Apple has also simplified the way you lay out your user interface. With iPhone apps, we have a system called AutoLayout that allows us to design complex screens that will scale to any device size. For the Apple Watch, Apple has simplified things by introducing groups.

Groups are containers for other elements such as your labels and buttons. They give you the option to arrange elements in the group horizontally as well as vertically.

Glances and Notifications

As well as building Apps that users can interact with, Apple has supplied two other methods of presenting information to the Apple Watch user.

Glances

A glance is a supplemental way for the user to view important information from your app. A glance immediately provides relevant information in a timely manner. For example, the glance for a calendar app might show information about the user’s next meeting. Glances do not support interactivity.

Notifications

By default, any notifications received by the iPhone will also be presented to the Watch. The Watch uses a minimal interface to display incoming notifications. When the user’s movement indicates a desire to see more information, the minimal interface changes to a more detailed interface displaying the contents of the notification.

All in all Apple has provided some great APIs to kick start Apple Watch development, and when we get the SDK for native apps later on this year things can only get better.

If you are interested in learning how to develop Apps for iOS and the Apple Watch then check out our range of Apple Watch Development courses here

Don’t miss the OS X Yosemite Server Seminar

Are you thinking about integrating OS X into Active Directory and would like to understand this subject matter better including best practices?

If so, then attend the OS X Yosemite Server 1 day seminar on the 22nd of May in London.

Amsys Training is hosting this one-off seminar, led by our Apple Master Trainer, that will demonstrate and explain the various options to fill in the blanks left by Server app and provide hands-on scenarios for you to see different solutions in action.

Places are limited, so booking ASAP is advised to avoid disappointment.

What the OS X Yosemite Server Seminar will teach you

  • How to plan configuration of your server past the limitations of the Server App.
  • How to utilise the many command line tools supplied by Apple but hidden behind the scenes.
  • An understanding of OS X installer Packages through the command line.
  • How to integrate the Client into several Directories services.
  • An overview and understanding of LDAP.
  • Troubleshooting login issues.

Plus much more.

Who Should Attend?

If you’re a Mac Admin, an existing Mac Support tech and want to upgrade your skill set, or need to know how to streamline your Server then book this 1 day seminar this May.

Pre-requisites? You should have a background in IT support and a basic understanding in OS X to attend this seminar.

During this 1 day OS X Server seminar we will cover the following topics:

  • Server app: Become an expert with the standard Server app including understanding what the tool is doing behind the scenes.
  • Headless Management and maintenance: Learn how to manage your server over VNC and SSH.
  • DNS & Bind: DNS is a key service so you will learn how to configure, protect and troubleshoot the DNS service.
  • Server command line tools: Learn how to utilise the many command line tools supplied by Apple including serveradmin, systemsetup and networksetup.
  • Local Directory: Understanding the Local Directory and what is required by the system for the user accounts. See how the local Directory interacts with the processes and what tools we can use to modify it.
  • OpenDirectory: Learn to use the number of command line tools to help configure and troubleshoot OpenDirectory.
  • Accessing Third Party Servers: Understanding LDAP. Configuring an OS X client computer to log in using a standard LDAP server.
  • Directory Solutions: Look into different options like implementing the Golden Triangle, substitutions and repurposing.
  • Profile Manager: Gain a greater understanding of how this service works, including auto enrolment and using the profiles command line tools.
  • File Sharing Services: Learn how to configure file sharing services from the command line.
  • Permissions: Understand how Apple implements permissions on OS X Server and how to manipulate them from the command line.
  • Web: OS X Server hides a lot of the features available to Apache; learn how to configure and modify Apache configuration pages.
  • Caching Service: Learn why this is a great service, how it works and how to troubleshoot it and modify its settings.

Price: This seminar is just £195 + VAT (RRP: £260)

Book now to avoid missing out

Understanding Apple’s Device Enrolment Program (DEP)

DEP or Device Enrollment Program is a new service from Apple that lets you automatically enrol new devices (OS X & iOS) with your MDM as they progress through the setup assistant. Up until now, connecting devices to a management system has required some user interaction, either by IT or the end user.

We have been able to set up user self-enrollment, but there has been the risk that the user doesn’t do it, which means the business doesn’t have an inventory record and has no way to manage the device. For the first time, we can take a brand new device out of the box, go through the setup assistant and have it enrol with the management service without any technical input.

As you can imagine, this opens up some new scenarios with regards to device deployment.

Depending on your configuration, you can theoretically ship the devices direct to the users, knowing that the devices will appear in MDM once they set it up.

We were naturally very interested in the real world applications and challenges with this new service so in this blog post we describe a bit about how it works and some of our experiences as we were testing it.

How does DEP work?

This is by no means a deep dive into the inner workings of DEP, but should suffice to give you some understanding of the processes at work.

Devices that run through the Apple setup assistant are programmed to contact Apple to see if there is a DEP registration that matches their serial number. If there is, they will receive the details of the specified MDM service from Apple and then enrol into the management system.

In the case of The Casper Suite from JAMF Software, the device enrols, installs the JAMF binary (if it’s an OS X device), installs Self Service (if the JSS is set to do so) and configures any other computer management framework tasks like startup, login and logout triggers.

From that point on you can start dropping the devices into smart groups, running policies and all the other good stuff you need to get the devices set up and ready for use.

Getting set up

To get up and running with DEP, you need to register on Apple’s website here.

It didn’t seem that you could use an existing Apple ID for this purpose. In fact, this was the same for adding additional administrators. I had to create a new Apple ID before I could be added as a DEP administrator by my colleague.

Once you’ve verified the Apple ID, the next step is to complete some of the institutional information:

[Screenshot: DEP institutional details]

Most of these details are straightforward, but there are a few things to note.

Company D-U-N-S

This is an identification number for businesses, regulated by Dun & Bradstreet (D&B), which assigns a unique numeric identifier, referred to as a “DUNS number”, to a single business entity.

Devices Purchased From

This is an important bit. It will be used to associate the serial numbers of any devices you purchase with your DEP account. You can add multiple sources including Apple and third-party resellers, as long as they are official Apple resellers and registered with the DEP service. So if you purchase some of your Macs from Apple and some from a reseller, they will all link back to your DEP account and in turn your MDM.

Once you have submitted the application, Apple will check the details and process the registration. In our case, we only have a single Apple account, so we entered our account number. Shortly after submitting the registration we received a phone call from Apple to verify our details and to get authorisation from a company representative.

Some people have mentioned that the registration process can take a few days to complete. In our case, we were up and running within a few hours, but I guess your mileage may vary.

Link the Casper Suite JSS to DEP

The next step is to link your DEP account to your MDM. In the case of The Casper Suite, we needed to:

  • Select Device Enrollment Program from the Global Management screen and download the Public Key
  • Use the public key to add the JSS to the Apple DEP portal. Adding the server to the DEP portal provides a Server Token File
  • Take the Server Token File and use it to add the account to the JSS

Once you have added the server to the DEP portal, you can set whether newly purchased devices are automatically enrolled into your MDM.

Configure PreStage Enrolments

Next you need to configure PreStage Enrolments. This is used to set what happens when a device is directed to the JSS by DEP. Click New, set the scope and options.

Amongst other things, you will have the option to decide which setup screens are to be shown on the clients:

[Screenshot: Configure PreStage Enrolments]

Some other points

Network – As you can imagine, this process only works if the clients are connected to a network that allows communication with Apple and the JSS.  In larger corporate environments or schools, this is likely to cause problems as there are often port filtering, 802.1X, and other security systems in place that will prevent communication.  One solution is to create an enrollment SSID that can only communicate with the Apple and JSS servers.  Users can connect to that network for the initial setup, after which the JSS can configure the devices for the main network.  If your corporate wireless network requires the devices to be connected to Active Directory for device certificates (for example), that SSID won’t be suitable for DEP.

User accounts – As you can see above, there isn’t an option to stop the user creating a local admin account.  If this is OK for your organisation, then there is nothing more to do.  If however you need the users to work with standard user accounts, or even directory users, you will need to run policies from the JSS after enrollment to perform the additional configuration, and possibly delete the local admin user account that the user created.

Targeting DEP enrolled Macs for policies - If you do want to target the DEP enrolled Macs with policies from the JSS, there is a Smart group criteria option called “Enrollment Method.”  Select “PreStage enrollment” as the value, and this will identify those devices.  I would avoid adding too many policies, particularly those that install software unless you can be sure the device will be on a fast enough link.  If the user sets up their device from home and a policy starts installing the Adobe Creative Suite, this will be a problem.

Adding legacy Macs - It is possible to add existing devices to your DEP account.  We tested this with a few Macs going back to 2012 which worked OK.  We just needed to add the serial numbers to the DEP portal.

Summary

So all in all it looks like a pretty useful service.  There are, of course, some challenges for larger corporations with enterprise networks and other security policies, but from our perspective Apple have given us more options and functionality, which is a good thing.  The added bonus in the case of The Casper Suite is that the JAMF binary is installed on new Macs, allowing you to fully manage the device without it ever being touched by the IT team.

Speak to our team of fully certified Apple experts today to see how we can help you by calling 0208 660 9999 or emailing henryc@amsys.co.uk.

Mac Printing Scripts Mashup

Hi all. I’m doing something a little different this time and I’ve got 4 small scripts relating to printers on Mac that I’d like to share. They’ve been pulled together from various places and tweaked many times since I’ve started using them and I thought I should share what I’ve got. Hopefully they’ll help save another Mac Admin some time!

Add Everyone to Printer Admins

This script uses the ‘dseditgroup’ command to add the “Everyone” user group (which all users are a member of, hence the name) to the “lpadmin” group (effectively the ‘printer admins’ group).

This change will allow all users to carry out tasks such as resuming a print queue without entering administration credentials. As long as the users are not administrative users themselves, they won’t be able to add or remove printers from the Printing System Preference pane.

I’ve used this for staff Macs in schools where the staff members would take a device home, and attempt to print to the school print server queues. Once the print job timed out, the queue would be paused and require administrative credentials to resume.

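#!/bin/sh

# Add the built-in "everyone" group as a nested member of lpadmin so that
# any user can resume a paused print queue without an admin password.
# To reverse the change, run the same command with -d in place of -a.
dseditgroup -o edit -a "everyone" -t group lpadmin

# Return dseditgroup's exit status to the management tool.
exit $?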

Disable Printer Sharing On All Queues

This script uses the lpstat and lpadmin commands to disable printer sharing on all print queues. Often, when a print queue is deployed using management, it is automatically configured as shared. Now, without enabling printer sharing in the Sharing Printing System Preference pane this won’t do much, but can annoy / worry some business owners.

I’ve used this script in a handful of places where users may add print queues themselves, or the site uses a particular method to deploy print queues that typically have sharing enabled but not desired. This script can be run each time a print queue is added (afterwards!) or every day / week / month etc.

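#!/bin/sh

# Take queue names only from lines that begin with "printer "; the status
# line of a paused queue can also contain the word "printer".
lpstat -p | awk '/^printer / {print $2}' | xargs -I {} lpadmin -p {} -o printer-is-shared=False

exit $?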

Remove MCX Printers

This script will use the lpstat and lpadmin commands to find any print queues listed as ‘mcx’ print queues, and remove them.

I’ve used this script when migrating a few customers from one management solution to another. It pruned out the previous management solution’s print queues, ready to receive the new management solution’s queues. This ensured that the devices in question were in a ‘known’ state, rather than possibly be missing queues or have duplicate queues.

#!/bin/bash

# Remove every queue whose lpstat -p line matches 'mcx '.
for printer in $(lpstat -p | grep 'mcx ' | awk '{print $2}'); do
    lpadmin -x "$printer"
done

exit 0

Remove All Print Queues

This script uses lpstat and lprm commands to loop through and remove all locally added printers.

I’ve used this script in a similar way to the Remove MCX Printers script above to reset a Mac device to a ‘known’ state regarding the print queues, i.e. no print queues!

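#!/bin/bash

# Walk every queue reported by lpstat -p (lines beginning "printer ").
lpstat -p | awk '/^printer / {print $2}' | while read -r printer
do
  echo "Clearing Queue for Printer: $printer"
  # "lprm -" cancels all jobs on the queue named by -P, which is given before
  # the "-" as in the lprm synopsis; the queue itself is deleted with lpadmin -x.
  lprm -P "$printer" -
done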
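
The three scripts above that loop over queues all take their names from `lpstat -p`. The following is an added example, not part of the original post: it runs a loose `grep printer` selection and a line-anchored one over a constructed sample of that output and shows the stray word the loose form would pass to `lpadmin -p` as if it were a queue. The queue names, host name, dates and all function names are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): why queue names taken from
# `lpstat -p` should come only from lines that begin with "printer ".

# Constructed sample of `lpstat -p` output. A disabled queue prints a second,
# tab-indented line with the reason, and that reason can itself contain the
# word "printer". Queue names, host name and dates are made up.
sample_lpstat() {
    printf 'printer Office_HP is idle.  enabled since Tue Apr 14 09:12:01 2015\n'
    printf 'printer mcx_0 disabled since Tue Apr 14 10:03:44 2015 -\n'
    printf '\tUnable to locate printer "print01.example.com".\n'
    printf 'printer Reception_Label is idle.  enabled since Tue Apr 14 10:20:00 2015\n'
}

# Loose selection: every line that mentions "printer", second
# space-separated field.
names_unanchored() {
    grep printer | cut -d" " -f2
}

# Anchored selection: only lines that start with the keyword "printer ".
names_anchored() {
    awk '/^printer / { print $2 }'
}

# Names the loose selection produces that are not real queues.
stray_names() {
    input=$(cat)
    good=$(printf '%s\n' "$input" | names_anchored)
    printf '%s\n' "$input" | names_unanchored | while IFS= read -r name; do
        printf '%s\n' "$good" | grep -Fxq -- "$name" || printf '%s\n' "$name"
    done
}

# Dry run: print the lpadmin command for each real queue instead of running it.
plan_unshare() {
    names_anchored | while IFS= read -r queue; do
        printf 'lpadmin -p %s -o printer-is-shared=False\n' "$queue"
    done
}

# On a Mac the same check is: lpstat -p | stray_names
sample_lpstat | stray_names     # prints: to
sample_lpstat | plan_unshare
```

Running `lpstat -p | plan_unshare` on a managed Mac before deploying the sharing script shows exactly which queues it will touch.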

Summary

There you go! I hope that they can prove helpful to someone. Apologies that I cannot remember sources for the information and / or scripts. Please feel free to give me a shout out and I’ll edit the post to give credit where credit is due!

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

Disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Thanks for attending the Mac Meetup with JAMF Software

Thanks to everyone who made it to the Mac Meetup with JAMF Software earlier on this week, making it the biggest and best event yet!

The event was hosted at our new Apple Support and Service Centre in London and the topic of the night was DEP and the Casper Suite. JAMF Software’s Gib Chan demonstrated how businesses can automate device enrollment and streamline the initial setup process for new devices. Organisations can now use the two tools together to create a zero touch system for IT admins and a simplified experience for their users.

What was discussed during April’s event:

  • How to leverage Apple’s new Deployment programme.
  • How to create a simplified set up experience for users.
  • How to eliminate bottlenecks commonly associated in deployments to new users.
  • Triggering initial configs with Casper and DEP.

Watch this space for more events coming up or join the LinkedIn group here.  A special thanks also goes to Motion Bug for taking the photos on the night, which you can view below.

The latest OS X and iOS 8 updates

Yesterday Apple released two new updates to both Yosemite and iOS 8, which have addressed a number of key features and issues, including:

  • The issue that could cause Macs bound to an Active Directory server to become unresponsive at startup
  • Improved Wi-Fi performance and connectivity in various usage scenarios
  • A number of security fixes

This is a significant update, so updating as soon as possible is highly recommended, as a number of security holes have been patched.

What else is included in 10.10.3?

The update has also released the new Photos app, which is the replacement for iPhoto and Aperture – which should be very interesting.

With Photos you can:


  • Browse your photos by time and location in Moments, Collections, and Years views
  • Navigate your library using convenient Photos, Shared, Albums, and Projects tabs
  • Store all of your photos and videos in iCloud Photo Library in their original format and in full resolution
  • Access your photos and videos stored in iCloud Photo Library from your Mac, iPhone, iPad, or iCloud.com with your web browser
  • Perfect your photos with powerful and easy-to-use editing tools that optimize with a single click or slider, or allow precise adjustments with detailed controls
  • Create professional-quality photo books with simplified bookmaking tools, new Apple-designed themes, and new square book formats
  • Purchase prints in new square and panoramic sizes

How to upgrade your iPhoto Library to Photos:

It’s easy to upgrade your iPhoto library to Photos – just open the app to get started. To learn more about Photos, visit Apple’s website here.

This update also includes the following improvements:


  • Adds Spotlight suggestions to Look Up
  • Prevents Safari from saving website favicon URLs used in Private Browsing
  • Improves stability and security in Safari
  • Improves Wi-Fi performance and connectivity in various usage scenarios
  • Improves compatibility with captive Wi-Fi network environments
  • Fixes an issue that might cause Bluetooth devices to disconnect
  • Improves screen sharing reliability

For enterprise customers, this update includes the following:


  • Addresses an issue that could cause Macs bound to an Active Directory server to become unresponsive at startup
  • Provides the ability to set an umask that’s respected by GUI apps
  • Fixes an issue installing a configuration profile for 802.1x with EAP-TLS
  • Resolves an issue where folders from a DFS share point might “disappear” when viewed from the Finder on some Macs

iOS 8 Updates

These are just some of the important features with the latest update to iOS 8:

  • Fixes an issue where you could be continuously prompted for login credentials
  • Addresses an issue where some devices disconnect intermittently from Wi-Fi networks
  • Fixes an issue where hands-free phone calls could become disconnected
  • Adds the ability to report junk messages directly from the Messages app
  • Adds the ability to filter out iMessages that are not sent by your contacts
  • Fixes a bug where certain apps would not launch or update on family members’ devices
  • Improves reliability of installing and updating enterprise apps
  • Corrects the time zone of Calendar events created in IBM Notes
  • Improves reliability of saving the password for a web proxy
  • Exchange out-of-office message can now be edited separately for external replies
  • Improves recovery of Exchange accounts from temporary connection problems
  • Improves compatibility of VPN and web proxy solutions
  • Allows use of physical keyboards to log into Safari web sheets, such as for joining a public Wi-Fi network
  • Fixes an issue that caused Exchange meetings with long notes to be truncated
  • Accessibility fixes
  • Fixes an issue where using the back button in Safari causes VoiceOver gestures to not respond
  • Adds the ability to remove shipping and billing addresses used with Apple Pay
  • Improves stability for Phone, Mail, Bluetooth connectivity, Photos, Safari tabs, Settings, Weather and Genius Playlists in Music
  • Addresses an issue that prevented opening links in Safari PDFs
  • Fixes an issue where selecting Clear History and Website Data in Safari Settings did not clear all data

For more information about these latest software updates, please visit the Apple Website here.

Disclaimer: As with all major software updates we advise taking a back up of all your devices and running a test, if possible, before updating.

OS X Yosemite hidden feature series – Part 4

The next part in this series will focus on calling and messaging features. Remember, I am calling these ‘hidden’ features since it may not be obvious how to access them, it may not be easy to understand what they do, or they are just not well documented directly by Apple.

New Feature 1: FaceTime iPhone Calls

What is it?

OS X Yosemite, along with iOS 8, supports Mac users making and receiving phone calls using an iPhone’s cellular connection.

No longer do you have to scramble around to find your phone when someone is calling you, you can answer the call via the FaceTime app on your Mac. You can even initiate calls from your Mac using your iPhone’s cellular connection.

How does it work?

As with most features, there is a hardware and software requirement.

Mac requirements:

  • Your Mac must be running OS X Yosemite 10.10 or later
  • Signed into iCloud using the same Apple ID as the iPhone (Check iCloud System Preferences)
  • Signed in to FaceTime using the same Apple ID as the iPhone (Check FaceTime application Preferences)
  • Connected to the same Wi-Fi network and router as iPhone to make and receive calls

iPhone requirements:

  • Your iPhone must be running iOS 8 or later.
  • Signed into iCloud using the same Apple ID as the Mac (Check Settings > iCloud)
  • Signed in to FaceTime using the same Apple ID as the Mac (Check Settings > FaceTime)
  • Connected to the same Wi-Fi network and router as the Mac

Once you have the requirements sorted, there’s just a single setting on both the Mac and iPhone to enable and you’re all set!

  • On your iPhone, go to Settings > FaceTime > turn on iPhone Mobile/Cellular Calls.
  • On a Mac, open the FaceTime app and go to Preferences > Settings and tick the iPhone Cellular Calls option. You’ll be required to verify the device with a four digit code sent to your iPhone.

As long as you have done everything listed above, you can now start calls from your Mac simply by clicking the phone icon next to a phone number in Contacts or clicking on the phone number in Calendar; in Safari you can highlight the number, click the drop down arrow that appears and then select ‘Call using iPhone’.

  • To receive a call, simply select Accept when the call notification appears on your Mac. You can also choose to decline the call or respond with a quick message.
  • Incoming calls will show the caller’s name, number and profile picture if stored in your Contacts.

If you start a call on your Mac, but wish to continue the call on your iPhone, you can do that too! Just tap the green bar at the top of your iPhone to transfer the call to your iPhone.

If you wish to disable this feature, just turn off iPhone cellular calls as follows:

  • On your iPhone, go to Settings > FaceTime > turn off iPhone Mobile/Cellular Calls.
  • On a Mac, open the FaceTime app and go to Preferences > Settings and un-tick the iPhone Cellular Calls option.

Let’s now see it in action!

So now we know how it works, let’s see how to do it!
The following was performed using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2.

Setting up FaceTime iPhone Calls:

Step 1: Enable iPhone Cellular Calls on the iPhone (Settings > FaceTime > turn on iPhone Mobile/Cellular Calls):

[Screenshot: setting up iPhone FaceTime calls]

Step 2: Enable iPhone Cellular Calls on the Mac (FaceTime app Preferences > Settings and tick the iPhone Cellular Calls option):

[Screenshot: Enable iPhone Cellular Calls on the Mac]

You’ll be required to verify the device with a four digit code sent to your iPhone.

Answering FaceTime iPhone Calls:

Step 1: Once a phone call has been sent to your iPhone, a notification window should appear at the top right of your screen as shown below:

[Screenshot: Answering FaceTime iPhone Calls]

Step 2: Simply click on “Accept” when the notification appears to answer the call on your Mac or “Decline” to cancel the call.

You can also click the drop down arrow to reply with a message or receive a notification reminder later so you can call the person back:

[Screenshot: reply with message options]

Making FaceTime iPhone Calls:

Step 1: To start calls from your Mac, simply click the phone icon next to a phone number in the Contacts application, or you can click on the phone number itself in Calendar. In Safari, you can highlight the number, then click the drop down arrow that appears and then select ‘Call using iPhone’:

[Screenshot: making FaceTime phone calls from your Mac]

Step 2: Click ‘call’ to confirm and dial the number:

[Screenshot: click call to make this call]

Step 3: Select ‘Mute’ during the call so the other person cannot hear you, and select ‘End’ once the call is complete:

[Screenshot: select mute during the call]

Note: You can also start making a call directly in the FaceTime app by simply typing the number into the FaceTime search field:

[Screenshot: make call directly from FaceTime app]

I love this feature, it’s so useful when my iPhone is on charge in another room from where I’m sitting with my Mac!

Useful Info about FaceTime iPhone Calls

Having issues getting it to work?

Check the requirements listed above to ensure that everything is configured correctly. Also check the FaceTime settings in Notifications System Preferences to ensure you receive the notifications for incoming calls.

Want to change the FaceTime’s ringtone when receiving calls?

There are quite a few ringtone choices, as you can choose any found in iOS 7 or iOS 8; there’s also a “classic” tones option from earlier versions of iOS too!

To change the Ringtone, open the FaceTime application and then open its Preferences. In the Settings tab you can choose a different tone by opening the Ringtone drop down list at the bottom:

[Screenshot: ringtone preferences]

Need to enter numbers using a telephone keypad?

If you’re using your Mac to make or receive a call and need to enter information “using your telephone keypad”, for example when calling a bank, you can simply use your Mac keyboard whilst in the FaceTime app and it will send the keyboard response to your iPhone cellular call!

You should hear the standard Dual-tone multi-frequency (DTMF) tones. (Just make sure you click on the call window at the top right corner of your Mac to make sure the call window is the chosen element before typing).

Do you dislike ‘floating windows’?

You’ll be pleased to hear that you can turn the floating call window into a regular window just by dragging the window away from the corner. (It will also now have the traffic light close and minimize options too!)

Apple support documentation on this feature can be found here.

New Feature 2: SMS via Messages

What is it?

The Messages app in OS X Yosemite has been updated with a few nice features.

The first to mention is the ability to work with standard text messages (SMS). Now you are not just limited to sending and receiving iMessages on your Mac, you can now text those people who chose the dark side and are using Android! :)

You can also start a message conversation from your Mac by clicking a phone number in apps like Safari, Contacts or Calendar.

How does it work?

Again, there is a hardware and software requirement.

Mac requirements:

  • Your Mac must be running OS X Yosemite 10.10 or later
  • Signed into iCloud using the same Apple ID as the iPhone uses for iMessage.
  • Connected to the same Wi-Fi network and router as iPhone to make and receive calls

iPhone requirements:

  • Your iPhone must be running iOS 8 or later.
  • Signed into iCloud using the same Apple ID as the Mac
  • Connected to the same Wi-Fi network and router as the Mac

Once you have the relevant requirements confirmed, there’s just a single setting on your iPhone to enable and you’re all good to go!

  • On your iPhone, go to Settings > Messages > select Text Message Forwarding, then turn on the switch alongside the name of your computer.

Let’s now see it in action!

So now we know what it does, let’s show you how it’s done!
Again, this demo was performed using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2.

Step 1: Enable Text Message Forwarding on your iPhone, (Settings > Messages > select Text Message Forwarding, then turn on the switch alongside the computer name of your Mac):

[Screenshot: Enable Text Message Forwarding on your iPhone]

Step 2: As long as your Mac and iPhone are using the same iCloud account and are on the same Wi-Fi network, you should be able to open the Messages application and start sending messages to any mobile number regardless of whether the recipient has an iPhone or not.

Either select a person in the previous history to continue an existing text chat or click the ‘Compose’ icon  to start a new conversation, selecting a person in your Contacts or entering their mobile number manually.

As with the iPhone Messages app, iMessages you send will appear in Blue, standard texts in Green.

Useful Info about SMS via Messages

The only issue I have found with this feature is that texts sometimes fail as my Mac and iPhone may auto join different Wi-Fi networks that are in range if I’ve connected to more than one in the same building. Thus the texts will not send! So just make sure before you start a text that your 2 devices are on the same network.

If you wish to disable this feature, simply turn off Text Message Forwarding on your iPhone:

Open the Settings app, go to Messages, select Text Message Forwarding, then turn OFF the switch alongside the computer name of your Mac.

New Feature 3: Voice Messaging via Messages

What is it?

Another new feature in the Messages app in OS X Yosemite and iOS 8 is the ability to send short Voice clips to other iMessage users.

How does it work?

This feature is linked to iMessage, therefore an Apple ID must be signed into the Messages application.
Simply go to Messages and sign in to iMessage with your Apple ID credentials. If you do not receive the setup assistant, go to Messages Preferences > Accounts and select the iMessage account and sign in.

As long as your Microphone is enabled in Sound System Preferences, (select Internal Microphone from the Input tab), you can simply click on the Microphone icon  to the right of the iMessage text window to capture sounds and make them part of iMessage conversations.

Let’s now see it in action!

Let’s see a quick demo of how it’s done! The following was again performed using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2.

Step 1: Verify correct configuration of your internal Microphone in Sound System Preferences, (select Internal Microphone from the Input tab). Also verify iMessage setup within the Messages application by going to the Messages Preferences > Accounts and select the iMessage account.

If you are not already signed in, sign in with your Apple ID and ensure the correct details are entered in the ‘You can be reached for messages at’ and ‘Start new conversations from’ options. Full details of the configuration can be found here.

Step 2: Once you are set up, simply click on the Microphone icon to the right of the iMessage text window to capture your Microphone sound:


If the icon is missing, you have either not configured your Microphone or iMessage correctly, or more likely you are trying to message someone who does not have iMessage (for example, someone who has an Android phone and not an iPhone). Notice the lack of the Microphone icon below when I try and text my Mum as she has a Samsung phone!


Step 3: Speak into your microphone and click the red button to finish recording:


Step 4: Your voice message is then compressed to make sending and receiving quicker. Once it’s ready to send the ‘Send’ button will appear, click ‘Send’ and you’re done:


Useful Info about Voice Messaging via Messages

As handy as this little feature is, it only records a short piece of audio and then allows you to send it or cancel it. There is no option in between to listen to the recording before sending. So you have to assume what you said was picked up OK and was what you wanted to say!

New Feature 4: Messages Details

What is it?

OS X Yosemite and iOS 8 added another nice new feature to the Messages app. You can now view much more information about a chat participant and directly respond back to participants. For example, you can now view all images sent within a conversation between a chat participant and yourself.

How does it work?

It’s very simple. Once you have selected a chat participant in the Messages sidebar, you can click the ‘Details’ button at the top right of the chat window and a pop-out window appears providing options to interact with the recipient such as screen share, FaceTime and making a phone call.

You can also toggle ‘Do Not Disturb’ from here so that notifications from this conversation are muted, and even better, this Details window will show you all the attachments sent and received within this conversation.

Let’s now see it in action!

As before, to demonstrate this I will be using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2.

Step 1: Open the Messages app on your Mac and wait a few seconds for your accounts to log in and update any messages made with another Apple device (such as your iPhone or iPad).

Step 2: Select a chat participant’s name from the left hand sidebar to load up all conversations made between yourself and that person based on any contact details in your Contacts app. (If this person has multiple messaging accounts and phone numbers stored in your Contacts app, these are usually merged into one conversation window).

Step 3: Click on the ‘Details’ button at the top right of the chat window to open a pop-out window:


Step 4: You should now have a list of info and options. Depending on whether the chat participant is using an Apple device and is an iMessage user or not will determine which options are available. Some may be greyed out if not available (such as FaceTime and Screen Sharing):


Step 5: If supported, you can click on the 2 overlapping squares to initiate screen sharing either by inviting the chat participant to share your screen, or asking them to share their screen:


Step 6: You can also click on the FaceTime icon to open FaceTime and start a video chat, or click on the Phone icon to choose which phone number from the chat participant’s Contacts card to call.

As mentioned above, you can tick the box next to ‘Do Not Disturb’ so that notifications from this conversation will be muted.

Step 7: You can also view all the attachments sent and received within this conversation.
Control-clicking/Right-clicking on any of these attachments brings up some options such as ‘Open’ to open an image in Preview or perhaps a movie or audio file in QuickTime, and ‘Delete’ to remove the item from the conversation:


Useful Info about Messages Details

Nice little feature this, but I have found that if you have received an audio or video file, the preview image shown in this Details window is the generic iTunes musical note icon. You therefore have to Control-click/Right-click the attachment and open it in QuickTime before you can find out what it was.

New Feature 5: Group iMessaging Details via Messages

What is it?

Similar to Feature 4, OS X Yosemite and iOS 8 have also incorporated the Details feature into Group chats.

Group iMessage conversations also now have the Details button with a collection of nice features. All the features from a single chat conversation are there for each person in the chat: Screen Sharing, FaceTime and Phone calling, plus the ‘Do Not Disturb’ and attachment previews.

An addition for group chats is that you can share your locations with others in the group chat by leveraging the ‘Find My Friends’ service. You can therefore see a map displaying where all the participants of the chat are located!

There’s also a nice feature whereby you can give the group chat a group chat name to make it easier to remember what the chat was all about!

However, notably the best addition here for group chats is the ability to control your interaction during group conversations. As well as the ‘Do Not Disturb’ feature if you no longer wish to receive notifications from an ongoing group conversation, you can also now click ‘Leave this Conversation’ to be removed entirely from the group chat.

How does it work?

This works pretty much the same as Feature 4 apart from the fact that you are viewing a group chat instead of an individual chat.

Once you have selected a group chat in the Messages sidebar, you can click the ‘Details’ button at the top right of the chat window and a pop-out window appears providing options to interact with the group recipients such as screen share, FaceTime and making a phone call.

There’s also the toggle for ‘Do Not Disturb’ so that notifications from this conversation are muted, and the list of all the attachments sent and received within this conversation.

As mentioned above, group chats also have the following features: participant location sharing, a ‘Group Chat’ name and the option to completely leave the group conversation.

Let’s now see it in action!

To see how this feature works, most of the steps will be the same as for Feature 4.
Once again, I was using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2 to complete this demo.

Step 1: Open the Messages app on your Mac and wait a few seconds for your accounts to log in and update any messages made with another Apple device (such as your iPhone or iPad).

Step 2: Select a ‘Group Chat’ from the left hand sidebar to load up all conversations made between yourself and all persons invited into the group chat.

Step 3: Click on the ‘Details’ button at the top right of the chat window to open a pop-out window:


Step 4: You should now have a list of info and options. Depending on whether each chat participant is using an Apple device and is an iMessage user or not will determine which options are available. Some may be greyed out if not available (such as FaceTime and Screen Sharing):


Step 5: Notice right at the top of this ‘Details’ window there is an option for you to give the group chat a group chat name so you can remember what the conversation was supposed to be about!

Underneath the Group Name option, there is a map section which will attempt to locate where all the group participants are.

Remember, this will need ‘Find My Friends’ enabled on iOS and ‘Location Services’ must be also enabled for the Messages app, either in Settings > Privacy on iOS or in the Privacy tab of Security & Privacy System Preferences on OS X.

I have ensured in my demo that this feature was disabled so I would not advertise where all my colleagues were! :)

Step 6: You can then choose to interact directly with just one of the group participants. If supported, you can click on the 2 overlapping squares to initiate screen sharing either by inviting the chat participant to share your screen, or ask them to share their screen.

You can also click on the FaceTime icon to open FaceTime and start a video chat, or click on the Phone icon to choose which phone number from the chat participant’s Contacts card to call.

Select ‘Add Contact’ to invite a new person into the group chat.

To remove someone from the chat, you can Control-click/Right-click on their name in the list and select ‘Remove from Conversation’:

Notice you can also send them a Private text message or email if their Contact card in your Contacts app has the relevant mobile number or email address field configured. You can also directly switch to their Contact card in the Contacts app by selecting ‘Show Contact Card’.

Step 7: Ticking the box next to ‘Do Not Disturb’ will ensure that notifications from this conversation will be muted. This is very useful if you are involved in a group chat but need to focus on something else for a while and don’t want to keep getting the notifications every time someone replies.

As well as the ‘Do Not Disturb’ feature, you can now click ‘Leave this Conversation’ to be removed entirely from the group chat:


Step 8: All attachments sent and received within this conversation will be displayed at the bottom of the Details window.

Control-clicking/Right-clicking on any of these attachments brings up some options such as ‘Open’ to open an image in Preview or perhaps a movie or audio file in QuickTime, and ‘Delete’ to remove the item from the conversation.

Useful Info about Group iMessaging Details via Messages

These changes to Messages in OS X Yosemite and iOS 8 have certainly made conference messaging much more flexible and easier.

I do like the ability to use the group details to start a new individual phone call, chat, or FaceTime session. The ability to add or remove participants and then carry on the chat without having to create a new chat is great, plus the location feature is a nice way to see where people are if you then want to come together and meet up in person.

If I had to give any negative feedback about this feature, it would be that as great as it is that you can leave a conversation, you cannot rejoin it later. You have to create a new conversation and add in the same participants.

Well, that’s all for now!

I hope you have found this blog and the rest of the current series useful. Even though most of these ones are not technically ‘hidden’, they are not always easy to understand or discover and I felt they therefore needed some attention.

Again, there are plenty more features out there that I have not had the time to get around to posting yet.

Don’t forget, Apple has a good overview of the main new features of OS X Yosemite on their website should you wish to see what else is out there.

Read parts 1, 2, and 3 in this series.

Disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

These features were tested using OS X Yosemite v10.10.2 and iOS v8.2 which were the latest Mac OS and iOS releases at the time of writing.

The Amsys Certification for iOS Developers is here

Amsys Training continually looks at how we can provide continued support and professional development for our students, by providing unrivalled access to course content and trainers with expert knowledge and real world experience.

To complement our iOS App Development training programme, we have extended our offering by launching a comprehensive iOS certification programme.

As the first training provider to offer students a complete iOS Development learning pathway, these new certifications set an industry benchmark as well as helping developers verify their skill set.

“Our new certification programme will enable developers to distinguish themselves from industry peers as well as providing potential employers with an easy way to identify talented iOS developers and discover the best of the best.” Richard Mallion, Amsys CTO

What’s more these exams will be free to all Amsys students for the next six months, when booked with an Amsys iOS App Development training course.

The Certification Tracks

Amsys Certified Developer (ACD)
All beginner iOS developers are invited to take this certification to verify their app development skills using either Objective-C or Swift to an elementary level. Learn more about the ACD certification here.

Amsys Certified Advanced Developer (ACAD)
Verify your advanced app development skills with the ACAD certification which certifies your skill and understanding on Objective-C or Swift app development to an expert level. Learn more about the ACAD certification here.

Learn more about the Amsys iOS certification training programme now.


Summer Camp 2015

The Summer Camp is just a few short months away and we’re offering the ACD certification to all students on the Swift Development track plus labs on the Apple Watch.

So what are you waiting for?

Join our expert iOS trainers in Portugal for this all inclusive training programme at an incredibly low price and become an Amsys Certified Developer this summer.

For more information about this year’s Summer Camp please click here or email training@amsys.co.uk.

Enable Single Sign On Printing in OS X

Hi all.

I’ve been to a fair few of our clients’ sites now that run a managed print server for their network printing needs. Almost every time, the print queues need to be SSO / Kerberised to work with Active Directory accounts. Otherwise the users are asked to provide authentication for these AD accounts every time they print.

This is easy enough to fix from the command line, but what if you have a number of printer queues of which most or even all need to be kerberised?

Enter the Script

For ease of use, we have utilised a script at Amsys for a while now. It simply loops through all installed printers, configuring them to use SSO first, and then fall back if this isn’t compatible. This allows home or local printers that may get caught up in the script to still work fine, even with the setting configured. This would also allow us to potentially leave the script running repeatedly on a schedule (say, once a week or once a month) without any harm.

Well, enough waffling on. Here’s the script we use:

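#!/bin/bash
#######################################################
#declare -x BUILD=2011022409
export PATH="/usr/bin:/bin:/usr/sbin:/sbin"
declare -x MYNAME="configureCUPSKerb.sh"

## Executable vars
declare -x awk="/usr/bin/awk"
declare -x grep="/usr/bin/grep"
declare -x logger="/usr/bin/logger"
declare -x lpadmin="/usr/sbin/lpadmin"
declare -x lpstat="/usr/bin/lpstat"
declare -x mkdir="/bin/mkdir"
declare -x perl="/usr/bin/perl"

## Get a list of our SMB printers
## (lpstat -v prints one "device for NAME: smb://..." line per SMB queue;
## matching on ': smb' avoids picking up queues that merely have "smb" in their name)

declare -x SMBPRINTERS="$("$lpstat" -v | "$grep" ': smb' | "$perl" -p -e 's/device for (.*): smb.*/$1/g')"

## Split the list on newlines only, so each printer name is handled as one item
OLDIFS="$IFS"
IFS=$'\n'
for SMBPRINTER in $SMBPRINTERS; do
	## Tell CUPS to use Kerberos (negotiate) authentication for this queue
	"$lpadmin" -p "$SMBPRINTER" -o auth-info-required=negotiate
done
## Restore the original field separator
IFS="$OLDIFS"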

Summary

There you go, a nice easy one that hopefully helps people out! As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

Bootnote

After some digging around, I think I found where we originally discovered the script, or at least another copy of it.

Massive thanks to Beau Hunter and JAMF Nation!




Munki 2: Upgrading Your Munki Repo Content

Hi all. Welcome to the fourth part in my Munki 2 blogs: The on-going guide to get Munki newbies up and running with a basic setup to cut your teeth on!

This blog is designed as an add on to the earlier articles enabling you to take your plain default Munki 1 content and snazz it up to the Munki 2 standard!

My Demo Setup

Just for clarification, my demo setup for these instructions and screenshots is as follows:

Server and Client OS: OS X Yosemite 10.10.1
Server app: 4.0.3
Munki Tools: 2.2

Setting the scene…

So you’ve carried out all of the upgrades and got everything to work, but your repo is looking a little like this:


And your end users are seeing something like this:


Kinda sucks right? We can do better than this.

First up…Icons

Let’s start by getting some icons added and working. Well, would you know it, Greg has gifted us another command line tool to run to automate this: Iconimporter.

1) Grab a copy from the Munki GitHub page and put it into the directory /usr/local/munki on your administration Mac.

2) Now run this, pointing the tool at your Munki Repo:

/usr/local/munki/iconimporter [path to your munki repo]


3) The tool should now go through all items in your repo, dig out the icons where possible, upload this into the correct directory (./munki_repo/icons/) and configure the pkgsinfo files to use it.


4) Now what you may notice is that sometimes it finds more than 1 icon you could use. In this event, you’ll need to manually go into the icons directory, choose one of the icons and remove the “_[x]” from the end of the filename.

For Example: I want to use the second Python icon for the Python item. I will rename ./icons/Python_2.png to ./icons/Python.png and Munki will use this.

Now, without bothering to go through and do this for all the installers, my repo immediately looked prettier!


And prettier means, much more end-user friendly!


Don’t forget to check out the full documentation for all of the information.

Categories and Developers

Now we’ve added the pretty pictures, how about some organisation? Let’s set a Category and Developer for each item.

I’m afraid at the moment that this is a manual task entailing opening each relevant pkgsinfo file on your repo (./munki_repo/pkgsinfo/) in a plain text editor and adding the values for these items. For example, let’s use the Firefox pkgsinfo file.

Before:

firefox pkgsinfo munki 2

After:

firefox pkhsinfo munki after

Don’t forget to run a makecatalogs once you’ve finished:

/usr/local/munki/makecatalogs

Editing XML files…I’m not so sure about that

I understand that some people might feel that editing an XML file might be too open to mistakes, and that’s a fair point to make. For these people, I’d recommend two things:

1) Always backup the file before you make your edits. Do not delete this backup until you have confirmed your changes work fine.
2) Why not Zoidberg Munki Admin?


As I’ve stated in a previous post, Munki Admin can easily set the Developer and Category with a nice GUI interface.

Even better? These values can be set by dragging the item (or items!) to the relevant sections on the left hand side!


Summary

And that’s it, configuring and upgrading to Munki 2 for beginners! How’s that? Got a taste for more Munki? I’d highly recommend four places to go next:

1) Attend the Munki 101 course
2) Munki Wiki / Documentation
3) Munki-Dev Google Group
4) The ##osx-server irc channel

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.


Revise IT – OS X Support & Server Essentials 10.10 Update

It’s been a big month for our revision app, Revise IT.

Earlier on this month, Revise IT received the Bronze award at the Surrey Digital Awards, with Guitar Coach Magazine by Brand Vision and StaySafe Business by Safe Apps receiving Gold and Silver respectively.

Then on Thursday last week, OS X Support and Server Essentials 10.10 test questions were published on the app. This means you can now test yourself on ACSP and ACTC 10.10 before you take your exams by updating or downloading Revise IT for free today.


 

Revise for your 10.10 certifications.

As with 10.8 and 10.9, Revise IT includes the test questions for the following Apple Certifications:

  • OS X Support 10.10 (pass mark 73%)
  • OS X Server 10.10 (pass mark 75%)
  • Mac Integration Basics 10.10 (pass mark 85%)
  • Mac Management Basics 10.10 (pass mark 84%)

Simply choose your desired Apple Certification to test your knowledge. Once you’re confident that you can pass the exam(s), call Amsys or your local Apple Authorised Training Centre to book your exam.

Don’t forget.. you can also tweet @amsysuk to let us know your test scores while you’re revising!

Thank You

And finally… we just wanted to say a big thank you to the Apple Community for their continued support of Revise IT over the last few years!

 


 

 

Download Revise IT for free and start revising for your Apple Certifications today.

Learn to develop apps for the Apple Watch with Amsys


Last night Apple released what will be their hottest product on the market today, the Apple Watch, with some speculating that the Apple Watch could make Apple the world’s first $1 trillion company!

Since Apple announced the Apple Watch last autumn, developers across the world have had access to the WatchKit beta. During this time, Apple has partnered with a select number of companies such as Nike, Pinterest and even an Australian SuperMarket chain “Woolworths” to develop apps for the Apple Watch before its retail release in April.

The Amsys iOS training team have also been hard at work learning everything there is to know about the Apple Watch and its framework WatchKit.

So what exactly is WatchKit?

WatchKit is the framework and APIs provided by Apple to develop Apple Watch apps using either Swift or Objective-C. At the moment, native apps are not supported. Instead, the Apple Watch app acts as an extension to an iPhone app.

How can I learn to develop apps for the Apple Watch?

To complement our iOS development training programme, the natural next step for Amsys is to add an “Apple Watch Development course” to our schedule. Over the last nine months, our team have been using the betas provided by Apple to discover what works and what doesn’t so that we could create a brand new course.

How does WatchKit differ from the SDK?

In some ways, WatchKit feels very familiar. However, there are no classes that we can make use of for the Apple Watch, but it involves similar programming principles to those we currently use for iOS.

Will it be difficult to learn how to develop apps for the Apple Watch?

Not at all. If you understand iOS programming, then this is a natural extension to that. If you are new to programming, then we have always said that anyone can learn to program. All you need is some time and a good teacher.

What will you be able to develop after attending this course?

You will be able to make use of all the capabilities that WatchKit offers. Like all programming courses, we will teach you the skills then it’s down to you to use your imagination to build a killer app.

How does it differ from the iOS App Development – The Fundamentals Course?

The Amsys “Developing Apps for Apple Watch” course is focused purely on WatchKit. The training programme is run in the same way as all our iOS development courses, with plenty of hands-on labs so that you get maximum exposure to the code.

What are the pre-requisites to attend this course?

Because Apple Watch apps require the iPhone, you will need to have a basic understanding of iOS programming, not too much, but some exposure would be great. We will be running the course for both Swift and Objective-C, so an understanding of your chosen language is required.

Why should I learn how to develop an app for Apple Watch?

If you already have an iPhone app, it makes sense if you can extend that app to the Apple Watch. Not all apps will be able to do this, but a lot can. As this is a new market, there’ll be a new gold rush so being first to market is an incentive!

How will an Apple Watch app benefit my business?

If you already have an iPhone app, adding the WatchKit component will make your app a more personal experience, which is key in the digital marketing age of today.

Will Amsys be developing an app for Apple Watch?

Stay tuned.

If you would like to learn how to develop apps for the Apple Watch then speak to the Amsys team today: call 0208 645 5806 or email training@amsys.co.uk.

National Apprenticeship Week: From Apprentice to Director

Hi all,

A slightly different blog this time.  As some of you will know, this week it’s National Apprenticeship Week; a governmental initiative celebrating the positive impact that apprenticeships have on businesses and individuals. So I thought I’d share the path that I took with Amsys; from Apprentice to Director.

My Story

Leaving school, I followed in the family tradition and pursued a career in catering.  This took me from college, to a few different bakeries and onto working in a number of London’s restaurants.

Things were progressing but not quite as I would have liked.  I knew that catering wasn’t a long term option for me and that I needed to change.

I thought back to other things that interested me when I was in school and computers came to mind.  I looked at various training options to help me switch career.  Microsoft were of course at the top of their game, so I looked at studying for a MCSE.

Unfortunately, the price was prohibitive and the studying time without an income really put me off.

Looking through the local newspapers (how we looked for jobs in the olden days) I noticed an apprenticeship being offered with a local company called Amsys.  I went for an interview, which I’d have to say could have been better, but luckily was offered the position.

Life as an Amsys Apprentice

I started working on the Summer 2000 iMacs, learning how to replace logic boards, hard drives, CRTs etc and continued to spend the first year learning how to fix each of the Mac models, PowerMac G4s, Cubes and PowerBook G3s.

While concentrating on the day to day work, I kept an eye on my progression.  There were plenty of chances for training on technical topics and other departments of the business including logistics and call control.  As opportunities came up, I offered to step in, moving into workshop management and gaining a bit of an obsession for processes along the way.

Promoted To Apple Certified Trainer

After a few years with Amsys, we won a contract with Apple to provide certified hardware technical training.  Demand was high, and there was a clear opportunity for me, so I jumped at the chance to become a hardware technical trainer.  Of course, it was intimidating initially but I soon realised I knew what I was talking about when it came to fixing Macs.

The Amsys training portfolio grew, and as it did I picked up more and more technical courses to teach, including Mac OS X Support, Mac OS X Server, and finally getting the chance to teach the ACSA courses, Deployment, Directory services integration and specialist courses like XSAN Administration.

Developing Amsys Consultancy Department

After five years of training, I was looking for a change.  We were often being asked by training students whether we would go onsite to help out with server setups and installations.  This seemed like a logical path for Amsys to take so we started taking bookings for technical projects.  This was quite a significant change from the comfort zone of the classroom, and I learnt about project management and integration with all the other technical systems out in the world.

Joining The Amsys Board

To help support our installation projects we started to create a service desk operation.  At the same time, I was lucky enough to be offered a position on the Amsys board.  Things continued to develop, growing our support and projects team to become a significant part of the Amsys business.

Things have continued to progress steadily for Amsys and my career.  We’ve grown considerably, and I’ve been presented with some pretty interesting challenges along the way.

“The Apprenticeship is what gave David his “break” and a good foundation for a career. Ultimately David has been extremely successful because he has an unquenchable thirst for knowledge, is never content with the status quo and is constantly trying to improve himself and the processes for which he is responsible.

He is proof that if you are prepared to apply yourself and work hard you will be successful.

The “Amsys Apprenticeship” has launched countless successful careers in the IT industry. Amsys Alumni are now IT Managers, IT Directors, Apple Geniuses, Trainers, Project Managers, Sales Professionals and Entrepreneurs in a wide range of Technology businesses.” Alex Hawes, Amsys MD

If you’re making crucial career choices and think an apprenticeship could be the right path for you, then check out the Government’s apprenticeship website or speak to our team for more information.

Clearing stubborn Print queues

I recently spent a day onsite during half term looking at a set of iMacs that were intermittently pausing their print queues. I used a few different terminal commands to work around the issue so I thought I’d share the findings.

The setup was a classroom of Macs with a single HP A3 colour laser printer. Printing was through a Windows print server using Equitrac print management software.

The Symptom

Intermittently the printer on one of the Macs (it was random as to which one was affected) was paused. Attempting to start the printer was unsuccessful.

I enabled the cups interface in the Terminal on one of the affected Macs with:

cupsctl WebInterface=yes

I then logged on to the web interface: http://127.0.0.1:631 and looked at the printer. The queue had a load of stuck jobs from different users that had logged on.

The workaround

In this case, it had to be a workaround. There is clearly an underlying problem causing the print queue to pause but being half term at this particular site it was a ghost town, and no-one had access to the print server to investigate further.

The paused jobs in the CUPS web interface were not much help, other than to state that they were stuck.

So to work around this problem we wanted a way to clear out any stuck jobs and to restart the queue when a new user logs in. This was achieved with the following script:

	#!/bin/sh
 
	cancel -a - # Clears the stuck jobs in all queues
	cupsenable PRINTER # Restarts the print queue
 
	exit 0

You would need to replace “PRINTER” with the actual name of the print queue. You can get this by using:

lpstat -p

Given more time it would be worth expanding this script to check if the printer is running and only use cupsenable if needed. It could also specify which queues to clear. But for the requirement I had, this was sufficient.
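One way to make the expansion described above, as an added example that is not the author's script: queue names are passed as arguments, each name is validated, and cupsenable runs only for a queue that lpstat -p reports as disabled. The function names and the argument convention are assumptions of this example, and it relies on the C-locale wording of lpstat -p.

```shell
#!/bin/sh
# Added example (not the original clear_queue.sh): clear only the named
# queues and re-enable a queue only when CUPS reports it as paused.
# Usage: clear_queue.sh QUEUE [QUEUE...]   (names as shown by: lpstat -p)

# Print the names of paused queues found in `lpstat -p` output on stdin.
# In the C locale CUPS prints one of:
#   printer NAME is idle.  enabled since <date>
#   printer NAME now printing NAME-<id>.  enabled since <date>
#   printer NAME disabled since <date> -
paused_queues() {
    awk '$1 == "printer" && $3 == "disabled" { print $2 }'
}

# Return 0 if queue $1 is listed as paused in the lpstat output on stdin.
queue_is_paused() {
    paused_queues | grep -Fqx -- "$1"
}

# Accept only plain names: non-empty, no leading "-" (so a name can never be
# read as an option), and only letters, digits, "_", "." and "-".
# This is stricter than CUPS itself; loosen it if your queue names need more.
valid_queue_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

clear_queues() {
    # LC_ALL=C keeps the lpstat wording stable regardless of the user's language.
    lp_out=$(LC_ALL=C lpstat -p 2>/dev/null) || return 1
    for q in "$@"; do
        if ! valid_queue_name "$q"; then
            echo "clear_queue: skipping invalid queue name" >&2
            continue
        fi
        cancel -a "$q"                  # clear the jobs on this queue only
        if printf '%s\n' "$lp_out" | queue_is_paused "$q"; then
            cupsenable "$q"             # restart the queue only if it is paused
        fi
    done
    return 0
}

# Run only when queue names were given, so a bare invocation changes nothing.
if [ "$#" -gt 0 ]; then
    clear_queues "$@"
fi
```

To use it from a LaunchAgent, the queue name goes in as a second <string> in ProgramArguments, after the script path.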

Next we needed to get the script triggered. There are a bunch of ways to do this (see this podcast if you are wondering about the other options). In this case, I am using a LaunchAgent. This is because:

  • I want the script to run each time a user logs in
  • There was already a login and logout hook that I didn’t want to interfere with

The LaunchAgent was placed in /Library/LaunchAgents and looks like this:

<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	     <key>Label</key>
	     <string>uk.co.amsys.clearqueue</string>
	     <key>ProgramArguments</key>
	     <array>
	          <string>/Library/Amsys/clear_queue.sh</string>
	     </array>
	     <key>RunAtLoad</key>
	     <true/>
	</dict>
	</plist>

With LaunchAgents, it’s important to make sure the permissions and ownership are set correctly. The file needs to be owned by root, with the group set to wheel. The permissions must also match the other LaunchAgents that are already in there (i.e. -rw-r--r--). If the permissions are set too restrictively or too permissively, the LaunchAgent won’t be used.
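A quick check for the ownership and mode requirements above, as an added example that is not part of the original post. It compares the plist against root:wheel (uid 0, gid 0) and mode -rw-r--r--; applying the same ownership test to the script with mode -rwxr-xr-x is an assumption of this example, as are the function names.

```shell
#!/bin/sh
# Added example: check owner, group and mode of a LaunchAgent plist and of
# the script it launches. Usage: check_agent.sh PLIST SCRIPT

# Print "MODE UID GID" for a path, e.g. "-rw-r--r-- 0 0".
# Only the first 10 characters of the mode column are kept, so a trailing
# "@" or "+" (extended attributes or an ACL on OS X) does not affect the match.
file_perms() {
    ls -ldn -- "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# check_owner_mode PATH WANT_MODE [WANT_UID] [WANT_GID]
# uid and gid default to 0 0, which is root:wheel on OS X.
# Returns 0 on a match; otherwise reports the difference on stderr and returns 1.
check_owner_mode() {
    want="$2 ${3:-0} ${4:-0}"
    have=$(file_perms "$1")
    if [ "$have" = "$want" ]; then
        return 0
    fi
    echo "$1: have '${have:-missing}', want '$want'" >&2
    return 1
}

# audit_launchagent PLIST SCRIPT
# The plist must be -rw-r--r-- root:wheel, as the post states. The script mode
# -rwxr-xr-x is this example's assumption: it runs in every user's login
# session, so nobody but root should be able to modify it.
audit_launchagent() {
    rc=0
    check_owner_mode "$1" "-rw-r--r--" || rc=1
    check_owner_mode "$2" "-rwxr-xr-x" || rc=1
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    audit_launchagent "$1" "$2"
fi
```

Run it as check_agent.sh with the path of the plist in /Library/LaunchAgents and /Library/Amsys/clear_queue.sh; a non-zero exit status means at least one of the two files needs its owner or mode corrected.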

That’s it; each time a user logs in the queue is cleared and the printer resumed.

Extra Note: Before choosing “cancel -a -” I was testing “lprm -” which appeared to have the same effect. This was failing to run for non-admin users so I switched to the cancel command. Just in case anyone wonders!

Disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Munki 2: Upgrading Your Clients and Using Munki Admin

Hi all. Welcome to the third part in my Munki 2 blogs: The on-going guide to get Munki newbies up and running with a basic setup to cut your teeth on!

This blog is designed as an ‘updater’ blog to my previous two Munki blogs: “Munki Configuration Part 4: MunkiAdmin.app” and “Munki Configuration Part 5: The client Mac”.

My Demo Setup

Just for clarification, my demo setup for these instructions and screenshots is as follows:

Server and Client OS: OS X Yosemite 10.10.1
Server app: 4.0.3
Munki Tools: 2.2
Example Package: Mozilla Firefox v35.0.1

Upgrading the Client Tools

Nice and easy, simply install the new tools. Version 2 of Munki will happily use the same settings in your preference file.

Just a word of warning: the behaviour of the Launch Daemons for Munki 2 has changed, so if you do not push out the Munki v2 LaunchD installer, you will have unexpected behaviour on your clients (not something you want).

Ah, you may have noticed that this will add an additional requirement onto the upgrade install: your client devices will need to reboot to complete the install.

Just bear these in mind when upgrading the client installations.

Obtaining the Munki Tools

Here’s a nice little tip. If you’re using AutoPkg (and if you’re running Munki, why not?) then there’s a core AutoPkg recipe for the latest full Munki 2 tool releases that I’d highly recommend using.

New Pretty Application!

As you may notice, the previous “Managed Software Update” application in the Utilities folder has been replaced by a shiny new, ‘Mac App Store’-like “Managed Software Center” located in the Applications folder.

Open it up and have a look at the new layouts and additional information you can provide, like these screenshots!

Enough Client, what about Munki Admin?

Well, as always, Hannes has been keeping up with the Munki tools developer with his Munki Admin GUI solution for administrating the server. This includes setting icons, Developer and categories!

Double click one of your installer items to access the extra settings on the first tab.

Summary

There you go. As before, I hope it helps someone out and gets you onto the new (and awesome) Munki v2. Tune in for the next part where I’ll discuss upgrading the content of your Munki Repo, with the Munki 2 goodness.

For these blogs, I’d always recommend reading the documentation (as Munki is a powerful tool) over at its new home on GitHub.

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

Where does Apple Mail & Outlook store your attachments?

Every file that is sent to you by e-mail is then stored in a specific folder.

Why Would I Need To Know Where Attachments Are Stored?

If you have ever opened an attachment from an e-mail, worked on it and pressed “Save” instead of “Save As”, the document is saved to this specific location.

The location that Apple Mail saves attachments to is in the user’s Library folder. The full file path is the following.

~/Library/Containers/com.apple.mail/Data/Library/Mail Downloads

To access the Library folder, you can use the “Go” menu from the Finder. If you hold the ‘alt’ key while in this menu, you will get the option of the ‘Library’ folder.

Or you can select the “Go To Folder” option from the “Go” menu.

Once you select the “Go To Folder” option you will get a pop-up with a box to enter the folder locations.

Once entered click the “Go” button, and the finder window will open the folder location. You can then move the file to a location that is easier for you to access e.g., your Desktop or Documents folder.

Apple Mail creates a new folder for each e-mail and names it with the unique message ID. So you will have to navigate through the folders within this location to find the correct message that the attachment came in on.

Outlook Mail Attachments

The location that Outlook saves attachments to is in the user’s Library folder. The full file path is the following.

~/Library/Caches/TemporaryItems/Outlook Temp

How Do I Access This Folder?

To access the Library folder, you can use the “Go” menu from the Finder. If you hold the ‘alt’ key while in this menu, you will get the option of the ‘Library’ folder.

Or you can select the “Go To Folder” option from the “Go” menu.

Once you select the “Go To Folder” option you will get a pop up with a box to enter the folder locations.

Once entered, click the “Go” button, and the finder window will open the folder location. You can then move the file to a location that is easier for you to access e.g., your Desktop or Documents folder.

OS X Yosemite Hidden Feature Series – Part 3

Continuing on with our series looking at features of OS X Yosemite that aren’t as well known or documented, Part 3 will focus on features in Apple’s Mail client.

Despite the graphical overhaul of OS X Yosemite, Mail as an app seems to function in a similar way to how it did in OS X Mavericks and hasn’t experienced the relocating of settings and options as much as some other apps. So there is no real learning required to get to grips with it for existing Mac users.

There are, however, some rather nifty new features thrown in.  As I have mentioned previously, these may not necessarily be ‘hidden’ in the sense that you cannot ‘see’ them, instead the following features may not:

  • Be obvious as to where they are.
  • Be easy to understand on what they do.
  • Be as well documented by Apple.

New Feature 1:  Mail Markup

What is it?

  • Have you ever needed to fill in a form or sign a document that you have received as an email attachment?
  • Received a photo or map as an attachment and want to highlight or comment on it?

Normally, this would entail having to save the attachment, open it in an editing app, whether that be Preview, Photoshop etc, make your changes and save the edited file, then add the newly modified file back as an attachment in an email. Rather long-winded!

Enter ‘Markup’. This handy new feature allows you to annotate an image or PDF attachment easily while staying within the Mail app. How cool!

If you have ever used the ‘Annotate’ feature within the ‘Tools’ menu of Apple’s Preview app, then you will already know everything about this feature as ‘Markup’ is essentially offering you that ‘Annotate’ tool directly within Mail.

Below is a reminder of the Annotate features in Preview:

You can now sketch, add shapes, text, signatures, lines or arrows directly onto an enclosed image or PDF. Change the font and colours of these too!

Looking at it another way, instead of modifying an attachment that someone else has sent to you before re-sending it back to them, you can now even add an image into a new email, directly apply your annotation to it and then send it, all within Mail without having to modify the item before attaching it!

How does it work?

It is all rather simple. If you have received an email containing the attachment in question, just select to ‘Reply’ or ‘Forward’ the email containing the attachment as normal. If you wish to send someone else an email with an attachment but directly modify it, then again, just add the attachment to the email as normal.

Next, hover your mouse over the attachment and select the ‘down-facing chevron/arrow’ from the far right of the attachment as highlighted below by a red circle (using preview’s annotate features!):

Once you have selected the ‘down-facing chevron/arrow’, select ‘Markup’ from the pull-down menu:

The image or PDF then ‘zooms out’, offering an annotation toolbar at the top so you can now add your notations to the attachment with mouse, trackpad or keyboard!

Let’s now see it in action!

So now we know how to access Markup, what can you do with it?
I will work my way along the options of the annotation toolbar from left to right.

Sketch

The first option is the Sketch tool. With this option, you can use a pen tool to perform freehand drawing. Your mouse pointer will change to an ‘ink pen’ icon while you are hovering around the attachment, allowing you to click to select where you wish to start freehand drawing. Use the Shape Style, Border Color and Fill Color options to customise the size and color of your freehand drawing.

In the example below, I used the sketch tool to circle around the location of our Surrey office, the Sketch tool has then offered me some customisation options:

I can either keep to my ‘rough’ freehand circle, or select below to have it ‘tidied up’:

I think the tidied up version is better than my freehand circle!

Shapes

The second option is the Shapes tool. As it implies, this tool can create shapes, but also insert speech bubbles or arrows onto your attachment, and even has a handy ‘highlight’ and ‘zoom’ option too:

I won’t demo all these shape options since most of them are similar and straightforward, but here’s how to create a custom arrow on an attachment:

Step 1: Select the ‘arrow’ option under the Shapes feature to add an arrow with the current Shape Style, Border Color and Fill Color settings.

Step 2: You can drag the arrow around with your mouse pointer, (a ‘hand’ icon replaces your mouse arrow). You can also use the ‘blue’ end point handles to change the length of the arrow or change the angle:

Step 3: Drag the ‘green’ middle point handle to change the arrow from a straight arrow to a curved arrow:

Step 4: Use the ‘Shape Style’ option to change the ‘thickness’ of the arrow, make it a dotted arrow or to add and remove the end points of the arrow:

Step 5: You can then use the ‘Border Color’ option and ‘Fill Color’ option to change the colour of the border or to fill in the arrow with a different colour:

(Choosing the first color will allow you to have NO border or fill colour)

Let’s now look at how to add a custom highlight on to the attachment:

Step 1: Select the ‘highlight’ option at the bottom left of the Shapes feature.

Step 2: This should add a highlighted square on your attachment, allowing you to drag the blue resizing handles to select which part of the image you wish to highlight. The image below shows a red arrow pointing to the stations nearest the Amsys Surrey Training Centre and that area of the map is now highlighted too:

Highlighting a block is quite nice, but the ‘magnifying glass/zoom’ feature is even nicer. I have re-selected the highlighted area and used the ‘backspace’ key to delete this element and will now add a ‘zoom’ element instead.

Step 1: Select the ‘magnifying glass/zoom’ option at the bottom right of the Shapes feature.

Step 2: Again, you can drag the zoom element around with your mouse pointer, (a ‘hand’ icon replaces your mouse arrow). You can also use the ‘blue’ handle to change the length of the zoom range:

Step 3: Drag the ‘green’ handle to change the amount of zoom required, I have used the green handle to zoom in further on the stations I wanted to highlight:

Step 4: You can again use the ‘Shape Style’ option to change the ‘thickness’ of the zoom border, make it dotted or have a shadow.

The ‘Border Color’ option can also be used to change the colour of the border:

Text
The third option is the Text tool. As this implies, this can add a free text box onto your attachment.
Simply click on the Text option to add a free text box and again you can drag the Text box around with your mouse pointer, (a ‘hand’ icon replaces your mouse arrow) and also use the ‘blue’ handles to change the length of the Text box:

Just like any free text box on a Mac, double-clicking inside the text box allows you to modify the text to be displayed.
With the text box highlighted, you can again use the Shape Style, Border Color and Fill Color options to customise the border thickness, color and background fill color and perhaps create something like this:

With Text boxes, you can also use the Text Style option to modify the text’s font, color, font size, bold, italic and underlined options as well as alignment within the text box:

The end result can therefore look like this with change of font, text color with bold and italic added:

Let’s combine those 3 elements together. The arrow shape, the zoomed shape and the text box:

Sign

The fourth option is the Sign tool. Just click the Sign dropdown arrow and select ‘Create Signature’. You can then select to create a signature with your finger if using a Trackpad, or with the use of your Mac’s camera, which can take a photo of your signature on a piece of paper:

When using the camera, it will ask you to sign your name on a piece of white paper and hold it up to the camera:


It will then capture the signature and reverse the image so that it is the right way round as shown below:

With both options, simply select Clear to try again or Done to add the signature to your annotations:

You can now select the captured signature to add it to your attachment:

Again, you can drag the signature around with your mouse pointer, (a ‘hand’ icon replaces your mouse arrow). You can also use the ‘blue’ handle to change the size of the text box. The ‘Border Color’ option can also be used to change the color of the signature text should you wish.

Shape Style

The fifth option is the Shape Style tool. As mentioned during the above steps when looking at adding shapes and text, this is used to change the ‘thickness’ of elements, make them dotted, blurred or shadowed and to add and remove end points to arrows.

Border Color
The sixth option is the Border Color tool. This was also mentioned during the above steps when looking at adding shapes and text and can be used to change the colour of any border of elements.

(Remember that choosing the first colour will allow you to have NO border color)

Fill Color
The seventh option is the Fill Color tool. I mentioned this during the above steps too when looking at adding shapes and text. It is used to change the ‘Fill’ color of any element, such as the filled in color of a shape or the background color behind text.

Text Style
Lastly, the final option is the Text Style tool. Also mentioned during the above steps when looking at adding shapes and text, this is used to modify the text’s font, color, font size, bold, italic and underlined options as well as alignment within the text box.

Right, I think we’ve finally sorted out the Markup feature in Mail!
So let’s see my end result PDF after using Markup:

This was created using the steps above, but also included using the ‘duplicate’ command (or ‘CMD’ + ‘D’ keys) to duplicate some existing annotate elements I had already created to save recreating them from scratch.

As you can see, by adding a generic London travel map PDF into Mail, I have managed to use the Markup feature to clearly highlight the best stations to travel to when visiting our Soho and Surrey offices. All without having to modify the PDF first before adding to Mail!

Useful Info about Markup

Finally, here are some useful pieces of info about this Markup feature:

  • Markup Clean Up - As noted whilst I was creating a freehand circle, Mail can automatically ‘clean up’ or smooth out your drawings to make them look nice and tidy.
  • Markup File Formats - As great as this Markup feature is, it currently only works with images/photos and PDF files. So you cannot use Markup to annotate other types of files, for example a spreadsheet created in Numbers or Excel.
  • The Markup Extension - Markup is in fact not just for Mail. It is part of the new ‘Extensions’ feature Apple built in to OS X Yosemite and iOS 8. Extensions allow code from one application to be available inside another application. We have just experienced Apple’s Markup extension allowing me to use the annotation features offered within the Preview application directly within Mail.

So where is this Markup feature actually configured if not in Mail itself?

Well, OS X Yosemite offers a brand new System preference pane called ‘Extensions’ which offers the ability to provide ‘Extensions’ to apps and the Finder. Below you can see that the ‘Markup’ extension is enabled under the ‘Actions’ section to allow editing and viewing content across apps. (Preview to Mail in this example):

Extensions, therefore, have the potential to completely change how Mac apps function. Hopefully Apple will incorporate more extensions into the file system and also allow developers to make their own or add to existing ones like Markup. Currently the Markup extension has limited availability, I’m hoping more apps will utilise it soon as it is such a useful tool.

For now, though, Markup has a perfect link between the Preview and Mail apps. So much so that if you have already created signatures using Preview, (Tools menu > Annotate > Signature, or visit this guide for earlier versions of OS X’s Preview app), these will automatically appear in a Markup enclosure in Mail when you select the Sign option! Cool!

New Feature 2:  Mail Drop

What is it?

Put simply, Mail Drop is a new OS X Yosemite feature integrated into the Mail app that lets you send large attachments in Mail without having to worry whether it is too big to send and then having to think about how you can get around email attachment limits if your email server rejects your email.

There are quite a few email systems that put a maximum size limit on email file attachments, meaning you are restricted on what you can attach to your emails.
This leads you into having to think of a way round this, like trying to compress the files, crop/reduce the size of images, or even getting as desperate as having to upload your files to a cloud-based storage solution and pasting a link to this in your email.

Enter Mail Drop! With Mail Drop, you can now just drag a large file into a message as normal and click Send. Mail will execute Mail Drop to magically send the large attachment, (whether it be a presentation, video or just a folder of holiday photos) without any worry about size limits!

How does it work?

So, how does Mail Drop get around these email size limits?

As long as you have an iCloud account and are logged into this on your Mac, Mail can send the attachment by uploading the file to a temporary holding area on Apple’s servers where it is encrypted and held ready for download.
Just drag your attachments into an email message, Mail Drop can then take it from there. If the receiver of your email is also using Mail in OS X Yosemite, Mail can download the large file automatically so that they will receive the email with the download attachment as normal, as if it had been attached to the message.

However, if they use an earlier version of Mail, any other email app or even webmail, they will receive your email without the attachment, but the email will contain a link to download any attachments. The link will remain available for 30 days before being deleted. The recipient will be notified in the email, along with the link, of the expiration date of the downloadable attachment.

The beauty of Mail Drop is that it costs NOTHING to use and the attachments stored in iCloud do NOT count towards your free 5GB of iCloud Drive storage either!
It doesn’t matter which email service you use either, whether it be iCloud itself or something like Microsoft Exchange, Gmail, Yahoo etc.

If you do have OS X Yosemite and are using Mail but don’t have an iCloud account, or you try to send an email without being logged into your iCloud account, Mail will just ask you whether you want to use Mail Drop or not.

Let’s now see it in action!

So now we know what Mail Drop is, let’s see how we can use it!

Sending the email:

Step 1: First of all, check you are logged into iCloud. Open System Preferences from the Apple menu and select ‘iCloud’. Sign in with your iCloud name and password if not already signed in. Check that iCloud Drive is enabled, then click on the iCloud Drive Options button and check that Mail is selected in the list of apps that store data in iCloud in order to activate Mail Drop:

Step 2: Next, we need to check that Mail Drop is enabled for your email account. Open the Mail app and choose Mail > Preferences, click Accounts, then select your email account, click the Advanced tab, make sure ‘Send large attachments with Mail Drop’ is ticked:

You can enable and disable Mail Drop here for each email account. So you can choose which accounts to use Mail Drop with.
If you are using Mail in OS X Yosemite and are logged into an iCloud account, Mail Drop should automatically kick in.

Step 3: Compose a new email message in Mail and drag in a large attachment:

Step 4: Mail may display the total message size just below the “From” address. This text should dynamically change to red if attachments go over the approximate limit for third-party email providers. (My above example screenshot used a Gmail account). Click to Send the message and you’re done! (Remember that the attachment needs to be sent to Apple for hosting and, therefore, there may be a waiting period before the email is actually sent).

Remember that the message size limit warning will trigger Mail Drop to create a link to the attachment instead of including the attachment in the email.

So what if you haven’t got an iCloud account or you are not logged in to it? Or perhaps you have disabled Mail Drop for your email account in Mail Preferences? Not to worry, you can still use Mail Drop but you will need to authorise this on sending the email.

Step 1: Compose a new email message in Mail and drag in a large attachment as mentioned above.

Step 2: On clicking Send, you will receive a notification from Mail asking you whether you want to use Mail Drop or not:

Receiving the email:
Remember, if the recipient is using Mail in OS X Yosemite, they will receive the attachment within the email as normal. However, other mail client apps will receive the email with links to download any attachment from Apple’s iCloud servers and a notification of the expiry date of the download:

Useful Info about Mail Drop

Tip! Remember to check that the email was sent before putting your Mac to sleep or shutting it down. If your attachments are large, they may still be uploading to Apple in the background. So check the Activity before closing Mail or putting your Mac to sleep or shutdown. (You can check your Mail Activity by selecting the Window menu in Mail and then selecting Activity). The next time you open Mail, you may find this error caused by you closing down Mail too soon:

This error can also occur if you have tried to send too many attachments using Mail Drop in a short period of time.

Mail Drop Limitations

Just as I mentioned for Markup, Mail Drop doesn’t suit all situations. Mail Drop may not activate properly even if both sender and receiver have an iCloud account. The reason for this is that Mail Drop is designed to work by using the sender’s file size limits for its trigger, NOT the receiver’s file size limits.

What does this mean?

Well, let’s say that you plan to send a friend a 15MB email, and your file size limit is 40MB. The email size is well within your attachment limit, but your friend’s maximum file size limit is only 10MB. Technically, the email cannot be sent at the current size, as even though it is smaller than your limit, it is larger than your recipient’s limit.

Since Mail Drop will only consider the senders’ file size limit, in this example, Mail Drop will not trigger an issue and, therefore, the email will send with the file received by your friend as a clickable link they can download from iCloud. As the sender, you will receive a reply notification that the recipient is unable to accept a message of this size.

Apple report that Mail Drop can only be used to send files if the email ‘exceeds the maximum size allowed by the provider of the sender’s email account’. In other words, as a sender, you cannot specify a custom file size threshold with which Mail Drop will trigger. So you cannot prevent situations like my example above.

Since Mail Drop is a new feature, we can but hope that in the future Apple releases a custom size control for Mail Drop to allow senders to ensure that their recipients receive attachments without having to receive a download link.

Mail Drop does support sending multiple attachments in the same message, though the combined total size must be below the 5GB threshold.

In case you try and use Mail Drop but it fails to send, remember to open System Preferences and look at the settings in the iCloud preference pane. Ensure you are logged in correctly to your iCloud account. Check that iCloud Drive is enabled, then click on the iCloud Drive Options button and check that Mail is selected in the list of apps that store data in iCloud in order to activate Mail Drop.

New Feature 3:  Mail HandOff

Mail in OS X Yosemite also works with HandOff, so you can start to write an email on your iPhone or iPad, then switch over to your Mac to finish the email off. Perhaps you want to add a photo or another file to the email that’s stored on your Mac.

Refer to ‘New Feature 3: Handoff’  from Part 1 in this blog series for more info on this feature.

As well as these new features, searching for/within emails, previewing and Gmail & Microsoft Exchange integration seem to be more stable and efficient compared to OS X Mavericks.
Though not new features, it’s worth mentioning these as a benefit of using Mail in OS X Yosemite.

I hope you are enjoying this blog series and finding it useful. Please note though that the features and options I have mentioned are just a collection of the ones that I have discovered and found useful and it’s not a complete feature list.

Apple does have a good overview of the main new features of OS X Yosemite on their website.

Read part 1, and 2.

These features were tested using OS X Yosemite v10.10.2 and iOS v8.1.3 which were the latest Mac OS and iOS releases at the time of writing.

Understanding the Mac OS X Keychain

Online services, banking, social media, encrypted hard drives, everything wants to know your password before allowing you access.

My list of login credentials is growing slowly and remembering them is not possible anymore. With the advance of the internet and the world of IT becoming so ubiquitous, security policies require stronger and stronger passwords that often need changing.

Well, Apple has the answer to that problem – Keychain.

The Apple Keychain Utility has been around since Mac OS 9. Its deep integration into the system allows us to work without having to enter passwords to access resources. It just makes my life so much easier without sacrificing security. The types of data stored in the Keychain utility are WiFi network passwords, credit card numbers, website passwords, certificates and secure notes.

All keychain data is stored on the hard drive of my computer. I know it is safe because the keychain data itself is an encrypted database. To unlock the keychain, I will need to know my keychain password which is also my login password.

I hope everyone understands the importance of this password. Anyone who knows it and can gain access to your Mac, can unlock your keychain and access all this sensitive data. This is why it has to be a strong one.

Over the years, I have seen people using passwords like “apple”, “password” or even a blank password. Well, you can guess the risk taken by that. So, please, use a stronger one and don’t write it down where people can easily find it.

Where is my data and how do I access it?

The keychain data is stored in ~/Library/Keychains/, /Library/Keychains/, and /Network/Library/Keychains/. The first location is where my personal keychain is stored. To access their data, I need the Keychain Utility located in the Utilities folder in the Applications folder.

I like using Spotlight to access the Keychain Utility as it only takes a few keys to get there – click on the Spotlight icon in the top right corner and type “keychain”. Spotlight is quick and will predict what you are looking for and put it at the top of the search results, so you don’t even need to type the whole word. Once you open it, you have access to your Keychain.

Understanding Local Keychain Files

I will briefly explain the purpose of the most important files in these directories.

/Users//Library/Keychains/login.keychain – This keychain is created when your user account in Mac OS X is created and normally has its password synchronised with your login password. It is unlocked at login and locked at logout. This is where most of your passwords will end up. Its password is changed when you change your login password or by using the Keychain Access utility.

/Users//Library/Keychains/ - UUID stands for Unique User ID – This identifier does not match your OS UUID. It is created when the account is created. This is where your iCloud keychain is stored, but if the service is not enabled, it will appear as “Local Items” and be renamed to “iCloud” when the service is enabled. The iCloud keychain service allows passwords and other types of data from it to be synchronised with your other Apple devices like your iPad, iPhone or another Mac. The only requirements are that all these devices are using the same Apple ID account, and the OS supports the iCloud keychain service (Mac OS X 10.9 and above, iOS 7.0.3 and above).

/Library/Keychains/System.keychain – The System keychain stores items that are accessed by the OS and shared between users to allow, for example, everyone on the Mac to be able to connect to a WiFi network. Only administrators can change its content.

/Library/Keychains/FileVaultMaster.keychain - This file is created by the system when FileVault encryption service is enabled on your Mac. The OS manages its content.

/System/Library/Keychains/ – This is another location that can store loads of keychain files. Its content is managed by the system and other applications. Most of them will not appear in the Keychain Access utility; however, all users benefit from them.

iCloud Keychain

A major change to the Keychain was the introduction of the iCloud Keychain. This is my favourite feature because it takes all iOS compatible keychain entries and uploads them securely to your Apple ID account. This not only allows all your compatible devices to be able to access usernames and passwords but keeps them safe in a form of a backup in case of a disaster. I know my data is safe as a 2-step verification process is activated automatically allowing you to set an additional code and SMS verification from another device.

The Keychain Access Utility

The Keychain Utility is located in the Utilities folder in the Applications folder. Your password is not required to open it, however, if you want to view a password of any of its items, you will be prompted for your login password.

When you double click on an entry, the window will display its Attributes and Access Control parameters. These attributes include the name and type of the service, network location or the application the entry is for, your username if one exists and a field for the password which appears blank until the “Show password:” box is ticked, and you authenticate. The Access control tab will show you what is allowed access to that specific entry with a few adjustments available.


Troubleshooting

There may be times when the keychain gets corrupted, and you cannot access your data. Fortunately, the Keychain Access application has a built-in repair tool called Keychain First Aid that can be accessed from the Keychain Access menu. The tool requires your keychain password to allow you to verify and rebuild it and will only work on keychains you own as a user.

So, what do you think? Feeling a bit more comfortable with the idea of trusting machines with your passwords over your notepad? I certainly do myself.

Creating Config Profiles instead of a First Boot Script

As a follow up to my first boot script blog, I wanted to spend a bit more time with configuration profiles to see if they could be used to replace some or all of it.

It has become increasingly apparent that Apple is in favour of managing settings via configuration profiles and the MDM system so we thought it was time to modernize the techniques we are using. In addition to this, while we have used a first boot script for quite a few of the recent OS versions which have worked great, with 10.9 and now 10.10 there were a few things that have been bugging us:

  • Having to work around preference caching.
  • Having to write lots of data into existing user homes and the system user template folder.

Preference Caching

Preference caching broke quite a few scripts people were using to configure OS X settings. Traditionally, OS X and most applications use XML files stored in specific locations (Library/Preferences folders) in the root of the hard drive, the System folder and each user’s home folder. You could use various methods to write data into these files, or even replace the files to affect the associated settings.

Although introduced earlier, certainly since 10.9 the operating system started caching the information stored in these XML files.  If you edit the files directly, the change you made often gets replaced with the cached version.  Ben Toms has a great article on preference caching that explains it in more detail here.

There are commands like “defaults” that are preference caching aware, which is good for one line key/value pair edits and entries. For more complex plists you can use Python, which uses CFPreferences, so would also work. Some of the other commands like PlistBuddy require you to kill cfprefsd before making changes, unless you’re editing files on a non-booted volume.

Configuration Profiles are also able to work with preference caching and apply as soon as they are deployed to the target device and so are the main focus for this blog.

Writing data into user homes and the system template

The second reason for wanting to use profiles is to avoid writing data into user home libraries and the System user template.  These methods generally avoid preference caching as they aren’t actually in use (although this isn’t guaranteed).  

The System folder has always been considered Apple’s domain so anything we put in there has the risk of being wiped out with an OS or other system related update.  To change the settings for existing user home folders, we had to use a loop in the script that contained the necessary commands to insert the key/value pairs.  This also worked, but is quite complex.

What Settings Could We Switch To Config Profiles?

The first boot script we use has quite a lot of different jobs to do so the first task was to list them out and investigate whether they could be switched to configuration profiles.  The below table lists each task and whether a config profile worked.

| Task | Profile? | Notes |
|---|---|---|
| Creating a local admin account | No | Not possible with a profile, but can use the new 10.10 tool sysadminctl |
| Setting time zone and time server | No | The time zone and NTP server addresses are stored in /etc/localtime and /etc/ntp.conf respectively. These are traditional UNIX Config files and can’t be manipulated with profiles. Luckily the systemsetup command makes the process nice and simple. |
| Region, keyboard and language | Yes | Keys set in the com.apple.HIToolbox.plist and .GlobalPreferences.plist files. |
| Apple Remote Desktop | No | Similar to setting the time zone and server, there is a purpose built binary that can achieve this so no need to switch it to a profile |
| Enabling SSH access | No | Same as above, the purpose built command line binary works best |
| Setting up the Login Window | Yes | Keys set in com.apple.loginwindow.plist |
| Disable iCloud Setup at login | Yes | Keys set in com.apple.SetupAssistant.plist |
| Disable diagnostics at login | No | The plist file is stored in a non-standard location (/Library/Application Support) so profiles aren’t any use. |
| Disable Time Machine Popups Offering for New Disks | Yes | Keys set in com.apple.TimeMachine.plist |
| Turn off Gatekeeper | Yes | Available in the GUI configuration profile settings |
| Turn on right-click | Yes | Keys set in a bunch of mouse and trackpad plists (more details below) |
| Turn off restore windows | Yes | Key set in .GlobalPreferences |
| Stop writing .DS_Store files on the network | Yes | Key set in .GlobalPreferences |
| Set the Users Homepage | Yes | Key set in com.apple.Safari.plist |

 
 
Creating a config profile

There are two main options for creating configuration profiles, either in a graphical interface, or by creating custom XML files. Some of the tasks above require the use of custom config profiles. These are used to set XML keys that are not available in the standard GUI options.

The core part we are interested in can be shown in this example snippet from the com.apple.TimeMachine.plist profile:

<key>PayloadContent</key>
<dict>
	<key>com.apple.TimeMachine</key>
	<dict>
		<key>Set-Once</key>
		<array>
			<dict>
				<key>mcx_preference_settings</key>
				<dict>
					<key>DoNotOfferNewDisksForBackup</key>
					<true/>
				</dict>
			</dict>
		</array>
	</dict>
</dict>

The Easy Ones

There were a few preference settings that could be replaced with simple checkboxes and dropdown menus. These were:

Some of the login window options

Although there are custom settings we have been adding into the login window preference file, the majority of the options can be set in the GUI:

[Screenshots: custom settings config profiles; custom settings config profiles options]

Security & Privacy

We would normally set the Gatekeeper options using

spctl --master-disable

but this can be set in the GUI as below:

[Screenshot: security and privacy config profiles]

Custom Settings

There are a few ways you can create custom configuration profiles.

Upload the plist file directly

Depending on the MDM system, in some cases you can simply upload the configured preference file. To get the preference file setup, I would normally recommend using a cleanly installed version of OS X and removing any keys that you don’t want. So if I wanted to set a few keys in the com.apple.TimeMachine.plist file, I would use the terminal to add the necessary keys such as:

/usr/bin/defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true

Then I would take a copy of the preference file so I can amend it:

cp /Library/Preferences/com.apple.TimeMachine.plist /Users/dave/Desktop/

Then we need to convert it from binary to xml so we can edit it:

plutil -convert xml1 /Users/dave/Desktop/com.apple.TimeMachine.plist

Once you have an xml version of the file you can open it in a text editor and remove any keys you don’t need in your profile.

This edited preference file can then be uploaded into your MDM.

Convert to a Configuration Profile first

The second option is to convert the preference file into a configuration profile. This will allow you to deploy the setting using a large range of tools including an MDM server, Munki (since version 2.2) or using the profiles command in the Terminal.

It is possible to create a mobileconfig file directly in a text editor. There are a bunch of profile specific xml keys such as:

<key>PayloadDisplayName</key>
<key>PayloadRemovalDisallowed</key>
<key>PayloadUUID</key>

(Note: this is not a full list of mobileconfig keys.)

and the core <key>PayloadContent</key> key that contains the management settings.

Luckily, Tim Sutton has created a very handy script called mcxToProfile.py (available here). This script allows you to (amongst other things) specify a plist file as the input and have it create the mobileconfig file for you. Here’s an example command:

mcxToProfile.py --plist com.apple.TimeMachine.plist --identifier DoNotOfferNewDisksForBackup

By default, configuration profiles lock the settings they are managing. In lots of cases, this works fine but in some cases, particularly when you start dealing with custom profiles and third party applications, locking the settings will either cause the managed setting to be ignored, or make the application crash.

To get around this, you need to change the default profile behavior so the setting is set, but unlocked so the corresponding application can change it if it needs to. You can do this per preference file in the profile with one of the following keys:

  • Always – <key>Forced</key> – This will lock the setting (default behavior).
  • Often – <key>Set-Once</key> – This will set the key initially and then reset it each time a user logs in (if they change it).
  • Once – Combining <key>Set-Once</key> with <key>mcx_data_timestamp</key> set to the current NSDate will allow the setting to be set just once. This is useful if you want to set up the user’s environment a certain way for their first login, but allow them to change it afterwards.

The corresponding mcxToProfile.py commands are:

Always:

mcxToProfile.py --plist com.apple.TimeMachine.plist --identifier DoNotOfferNewDisksForBackup --manage Always

Often:

mcxToProfile.py --plist com.apple.TimeMachine.plist --identifier DoNotOfferNewDisksForBackup --manage Often

Once:

mcxToProfile.py --plist com.apple.TimeMachine.plist --identifier DoNotOfferNewDisksForBackup --manage Once
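The three management modes, built by hand with Python's plistlib and then read back to report which mode each managed domain uses. This is an added example, not the article's or mcxToProfile.py's own code; the function names, the ".payload" identifier suffix, the display name and the PayloadScope value are assumptions for illustration.

```python
import datetime
import plistlib
import uuid

# The article's management modes mapped to the key used inside the payload.
MANAGE_STATES = {"Always": "Forced", "Often": "Set-Once", "Once": "Set-Once"}
CUSTOM_TYPE = "com.apple.ManagedClient.preferences"


def _new_uuid():
    return str(uuid.uuid4()).upper()


def build_profile(domain, settings, identifier, manage="Always", now=None):
    """Return a profile dict managing `settings` in preference `domain`."""
    if manage not in MANAGE_STATES:
        raise ValueError("manage must be Always, Often or Once")
    if not settings:
        raise ValueError("no settings to manage")
    entry = {"mcx_preference_settings": dict(settings)}
    if manage == "Once":
        # The timestamp is what separates "Once" from "Often".
        utc_now = datetime.datetime.now(datetime.timezone.utc)
        entry["mcx_data_timestamp"] = now or utc_now.replace(tzinfo=None)
    payload = {
        "PayloadType": CUSTOM_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".payload",  # assumed naming
        "PayloadUUID": _new_uuid(),
        "PayloadEnabled": True,
        "PayloadContent": {domain: {MANAGE_STATES[manage]: [entry]}},
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": _new_uuid(),
        "PayloadDisplayName": "Custom: " + domain,  # assumed display name
        "PayloadScope": "System",  # assumed: computer-level profile
        "PayloadRemovalDisallowed": False,
        "PayloadContent": [payload],
    }


def render(profile):
    """Serialise to the XML bytes you would save as a .mobileconfig file."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def parse_profile(data):
    """Load a profile from XML (or binary) plist bytes."""
    return plistlib.loads(data)


def audit_profile(profile):
    """List (domain, mode, keys) for each custom-settings entry in a profile."""
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != CUSTOM_TYPE:
            continue
        for domain, states in sorted(payload.get("PayloadContent", {}).items()):
            for state, entries in sorted(states.items()):
                for entry in entries:
                    if state == "Forced":
                        mode = "Always"
                    elif state != "Set-Once":
                        mode = "Unknown"
                    elif "mcx_data_timestamp" in entry:
                        mode = "Once"
                    else:
                        mode = "Often"
                    keys = sorted(entry.get("mcx_preference_settings", {}))
                    findings.append((domain, mode, keys))
    return findings


if __name__ == "__main__":
    demo = build_profile("com.apple.TimeMachine",
                         {"DoNotOfferNewDisksForBackup": True},
                         "DoNotOfferNewDisksForBackup", manage="Once")
    print(render(demo).decode("utf-8"))
    print(audit_profile(parse_profile(render(demo))))
```

Running the audit over profiles exported from an MDM is a quick way to spot settings that were meant to be user-changeable but are locked with Forced.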

Final First Boot Script

As I mentioned at the start, there are a few settings that couldn’t be set with config profiles, or were so easy to do with a terminal command it wasn’t worth switching across.

In these cases, we kept the first boot script code. You could turn these into a series of payload free packages, or if you are using Casper, add them to individual policies to be triggered as required.

Below is the script we ended up with:

#!/bin/sh
 
# Requires 10.10 or higher.
 
# Create a local admin user account
sysadminctl -addUser localadmin -fullName "Local Admin" -UID 499 -password "apassword" -home /var/localadmin -admin
 
# Set the time zone to London
/usr/sbin/systemsetup -settimezone "Europe/London"
 
# Enable network time servers
/usr/sbin/systemsetup -setusingnetworktime on
 
# Configure a specific NTP server
/usr/sbin/systemsetup -setnetworktimeserver "ntp.amsys.co.uk"
 
ARD="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
 
# Switch on Apple Remote Desktop
$ARD -configure -activate
 
# Configure ARD access for the localadmin user
$ARD -configure -access -on
$ARD -configure -allowAccessFor -specifiedUsers
$ARD -configure -access -on -users localadmin -privs -all
 
# Enable SSH
systemsetup -setremotelogin on
 
exit 0

Summary

So now we have the config profiles in our MDM. When a device enrolls it falls into the necessary groups and configures its settings based on the XML information.

If anyone wants to grab a copy of our completed mobileconfig files and the amended first boot script, you can get them on our github page here.

Apple is clearly pushing profiles as the primary settings management method, so it’s worth spending some time with config profiles and seeing what you can switch over to them.

Quick Tip: How to open System Preferences quickly

If, like me, you regularly access System Preferences to change settings, then the following tip may help you open System Preferences more quickly.

Open System Preferences using Keyboard Shortcuts:

On your keyboard use ALT + F2, which opens up the Display system pane. Then use CMD + L, which will change from the Display system pane to the main System Preferences.

Open System Preferences using Spotlight:

On your keyboard use CMD + SPACE to display the Spotlight search (top-right menubar) where you can simply type the keyword sys which should then display and select System Preferences, and then hit the RETURN key to open.

How to delete Keychains at logout

I’ve been asked quite a few times whether it’s possible to disable the Keychain functionality in OS X. This is a fairly critical part of the OS, so the short answer is no, but there are some workarounds that suit certain environments, particularly deleting the Keychain at logout.

Why would you want to do this?

For anyone new to the topic, the Keychain is a feature introduced years ago by Apple to securely store users’ passwords and to make them available to other applications. The functionality was built-in to a load of OS X features and apps like Mail, Safari and the Finder.

Apple also made APIs available to developers so they can integrate the Keychain into their apps. So if a developer needs a user to authenticate to use their app, they can store and retrieve credentials from the user’s Keychain.

So while this all sounds good, there are a few situations where the Keychain can get in the way. The most common issue is when password policies are being used to force users to change their passwords on a regular basis.

If they have been storing the password in their Keychain for things like file servers and email, and then change the password to something else, they will get Keychain errors, or worse, locked out from some applications as OS X tries to send the old (incorrect) password to the service.

Another problem is when users reset their password outside of OS X. This happens a lot in schools as students forget their passwords and have to have them reset in AD.

When the student logs back into a Mac that has a local copy of their Keychain the passwords won’t match, presenting them with an error. This is even more likely if the Macs are in shared classroom / lab setups. The users will be leaving a breadcrumb trail of local Keychain files making the problem much worse if their password is reset.

Deleting the Keychain at logout

A popular way to avoid this issue is to delete the Keychain at log out. When a user logs in, if no Keychain file is present in ~/Library/Keychains, the OS will create one based on the user’s current password. This means that all you have to worry about is deleting the old one before that point.

The script:

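	#!/bin/sh
 
	# Remove every Keychain file for the user who is logging out,
	# so the OS creates a fresh one at their next login.
	rm -Rf "/Users/$USER/Library/Keychains/"*
 
	exit 0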

This script will simply delete anything in the user’s ~/Library/Keychains folder, forcing the OS to create a new one next time they login.

To create it, use a “coding” text editor (Sublime Text, TextWrangler, BBEdit, Fraise, etc.) and add the code above. Save it with a .sh extension in a location accessible by all user accounts, and make sure it is executable.

We normally recommend making a new folder in /Library with the company name to store these types of things. If this were for Amsys, I would use the following steps to create the folder and set the necessary permissions:

  1. In the Terminal, type “sudo mkdir /Library/Amsys”
  2. Copy the script you created into the folder
  3. In the Terminal type “sudo chown -R root:wheel /Library/Amsys”
  4. In the Terminal type “sudo chmod -R 755 /Library/Amsys”

All the above commands will need to be run as an admin user.

Getting the script to run

Once all this is in place you need to get the script to run each time a user logs out. To do this, you can add a new Logout Hook:

In the Terminal, type:

sudo defaults write com.apple.loginwindow LogoutHook /Library/Amsys/name_of_script.sh

You just need to adjust the path based on your company folder name and change “name_of_script.sh” to whatever you called the script when you saved it.
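A guarded version of the same cleanup, as an added example rather than the article's own script. It is written in Python and assumes the hook receives the short name of the user logging out as its first argument and that home folders live under /Users; the function names are illustrative.

```python
import os
import re
import shutil
import sys

USERS_ROOT = "/Users"
# Short names only: no slashes, no leading dot, so no path traversal.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9._-]*$")


def keychain_dir(username, users_root=USERS_ROOT):
    """Return the user's Keychains directory, or raise ValueError if unsafe."""
    if not username or not SAFE_NAME.match(username):
        raise ValueError("unexpected username: %r" % (username,))
    # Check each component below users_root: the hook runs as root, and a
    # symlink here would point the cleanup at a directory outside the home.
    current = users_root
    for part in (username, "Library", "Keychains"):
        current = os.path.join(current, part)
        if os.path.islink(current):
            raise ValueError("refusing to follow symlink: " + current)
    if not os.path.isdir(current):
        raise ValueError("no Keychains directory at " + current)
    return current


def purge_keychains(username, users_root=USERS_ROOT):
    """Delete everything inside the Keychains directory; return removed names."""
    target = keychain_dir(username, users_root)
    removed = []
    for name in sorted(os.listdir(target)):
        entry = os.path.join(target, name)
        if os.path.isdir(entry) and not os.path.islink(entry):
            shutil.rmtree(entry)
        else:
            os.remove(entry)  # files and symlinks: remove the link itself
        removed.append(name)
    return removed


if __name__ == "__main__":
    try:
        purge_keychains(sys.argv[1] if len(sys.argv) > 1 else "")
    except ValueError as err:
        sys.stderr.write("keychain cleanup skipped: %s\n" % err)
    sys.exit(0)
```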

A note about Logout Hooks

When you use the defaults command to add a login or logout hook to trigger scripts, you are adding XML entries into the com.apple.loginwindow.plist file. This functionality has been deprecated by Apple, meaning it may be taken away in a future release of OS X. This is fine for login hooks as we have LaunchDaemons to replace them. It does, however, present a bit of a problem for logout hooks as there is no equivalent replacement.

There have been a few creative alternatives popping up on the Internet, but Apple has not indicated any plans to replace the functionality. So while it will work for now, this is worth taking into account when choosing to set up logout hooks.

Munki 2: What’s New in Munki 2.1 and 2.2

Hi all. Well, since we published my intro to Munki 2 blog, Greg has continued his forward march and released two full versions since!

This blog will give a rough overview of the shiny new features in these releases!

So, Munki 2.1?

Munki 2.1 was released on 16th December 2014 with 2 main new features (excluding localisation work):

  • Replacing the use of ‘curl’ for the munki repo communications with Apple’s NSURLConnection.
    • This works around an issue with Mavericks and the use of Client SSL certificates to authenticate against the Munki repo. I saw this issue first hand and the workarounds typically involved installing custom versions of the command line tool Curl. Not ideal when you’re trying to use as few custom items as possible, like Munki is.
  • Full support for the deployment and installation of Adobe Creative Cloud Packager installers.
    • These are the product of Adobe’s Enterprise packaging tool and can be temperamental when used in deployments (not just with Munki). This update adds full support for them into Munki.

And Munki 2.2?

Munki 2.2 was released on 27th January 2015 with one huge new feature:

  • Munki now can accept, push out and install Configuration Profiles without wrapping them in installers or scripts.
    • This allows the pushing out of (computer level) profiles through the Munki system without requiring a system to wrap the profiles, or to check if they need to be installed (with custom install check scripts).
  • Additionally, Munki now creates and uses hash keys for the icons of packages, thereby only downloading the new icons when needed.
    • This should cut down on your network traffic relating to grabbing the icon files, which can only be a good thing!

Summary

There you go, two fairly major updates out in a matter of months. Has anyone tried the new updated versions? Any interesting stories? How about any cool new Munki tricks you’ve learnt? Let us know below and I’ll try to respond to and delve into as many as I can.


 

Amsys open 2nd location in Soho, London


For the last five years, our London office has been based on Berwick Street in Soho. Here our expert team of Apple Certified Trainers and Technicians have been providing a range of Apple Authorised services to businesses based in London.

In response to increasing demand for our “walk-in-Mac repair” services, support and iOS Development training, we opened our second location in London last week.

This new location, which can be found on 44 Poland Street, will act as our Apple Services and Support Centre, just a short 4-minute walk from the Apple Store on Regent Street. Meanwhile, the Berwick Street location will operate as our Mac OS X & iOS Training centre.

What can you expect from Amsys’ New Apple Service & Support Centre?

Tech Bar & Walk in Apple Repair Services

Business users and Apple fans alike can pop into our new Apple Service & Support Centre to have your Apple devices serviced, fixed or replaced. You do not need an appointment to guarantee a repair, simply walk in and grab a seat at the sleek tech bar to have a chat with our team.

We are one of the UK’s largest Apple Authorised Service Providers and, as such, can repair and replace all in and out of warranty Apple devices including, iMacs, MacBooks, iPads, iPods and Apple TVs.

All repairs are performed onsite in our new state of the art, Apple Certified, workshop, with a typical turnaround time of 3-5 working days for each service.

Apple Authorised Training

To support increasing demand for Apple Certified, Advanced and iOS training courses we have also added an extra training room, to complement our two other classrooms on Berwick Street. Training will take place in state of the art conditions, using the latest Apple Tech, led by our Apple Master IT Trainers and/or experienced iOS Development Trainers.

Dedicated Service Desk

Recent rapid growth has led to the opening of Amsys’ second dedicated service desk facility at the new premises, enabling our Apple Certified techs to visit Amsys’ London based clients as and when needed. Here, our team of fully certified consultants and technicians will provide Apple support, consultancy and associated services to London’s businesses, schools, and universities.

Comment from Alex Hawes, our MD

“Opening a second location in Soho, London has been the natural next step for Amsys as growth accelerates across our six divisions. With five locations across the UK, we have securely positioned Amsys as the market leading technical partner for organisations that rely on Apple devices and third party tools. The future certainly looks bright, with plans to employ more techs and to release a range of innovative solutions.”

For more information about our Apple services, events and much more, please subscribe to our blog or email info@amsys.co.uk.

Mac Myriad Podcast #1

Mac Myriad (formerly known as Mac Tech SA), founded by Apple Trainer, Lee Balsdon, is a user group for Mac admins, techs and Apple fans in Cape Town, South Africa. The community has been running for just over a year, providing a variety of monthly events for Apple Professionals.

Last week, Lee launched their first podcast to chat to international and local Apple experts about all things that matter in the world of Mac and iOS.

We were honoured to be invited to take part in their debut show, alongside Charles Edge (Bushel, Krypted.com)  and Karen Hart (Picster Books) for an entertaining discussion about all things Apple!

Listen to the podcast to hear:

Charles Edge talk about Bushel; the Amsys team chat about the history and future of Revise IT, and Karen’s inspiring iDeaf Project.

Plus:

  • Thunderstrike
  • Favourite Apps
  • Apple’s Quarterly Earnings

and much more!

Subscribe to the podcast on iTunes or listen on Soundcloud now.

Munki 2: Upgrading Your Munki Repo and Administration Mac

Hi all. Welcome to the second part in my Munki 2 blogs: The on-going guide to get Munki newbies up and running with a basic setup to cut your teeth on!

This blog is designed as an ‘updater’ blog to my previous two Munki blogs: “Configuring Munki for a Mac Server” and “Munki Configuration Part 2: Admin Mac”.

Also, I realised that in my intro blog I used the term ‘Munki Server’ for the Munki Repo and I got a little stick about it. Rather than argue semantics, please assume that if I use the terms ‘Munki Server’ or ‘Munki Repo’ I’m referring to the same thing, specifically the server that hosts all the Munki data you are serving to your clients.

My Demo Setup

Just for clarification, my demo setup for these instructions and screenshots is as follows:

Server and Client OS: OS X Yosemite 10.10.1
Server app: 4.0.3
Munki Tools: 2.2
Example Package: Mozilla Firefox v35.0.1

Repo-side Upgrade

To be honest, there’s only one repo server-side change for a generic setup and that’s the inclusion of an ‘icons’ folder at the root of the Repo.


Now this folder will be created on demand when you first use the updated munkiimport tool to upload a package and create an icon for it. You could create this manually (say if you don’t have permissions to create new directories at the munki_repo root), just ensure it has the same permissions as the other directories, for example the pkgsinfo directory.

Administration Mac Upgrade

For your administration Mac, run the updated Munki 2 installer. As mentioned in step 7 of the previous ‘part 2’ blog, if this Mac will not be running the Munki client, simply use the ‘Customize’ option to deselect the “Managed Software Centre” and “Munki launchd agents” whilst running the installation.


Munkiimport Updated!

With the new options, some changes were made to the Munkiimport command line tool to simply take advantage of these. This is in the form of three new (optional) questions asked when importing an item:

  • Category
    • Allowing you to manually specify the Category you’d like to have the item displayed under. The most benefit would be seen if this item is an optional install.
    • Simply enter the desired Category and it’ll be added to the pkgsinfo file for the item.


  • Developer
    • Allowing you to manually specify the Developer you’d like to have the item displayed under. Again, the most benefit would be seen if this item is an optional install.
    • Simply enter the desired Developer name and it’ll be added to the pkgsinfo file for the item.


  • Icon
    • Icon is a little different from the other two. Munkiimport will first check if the Icon already exists matching the name of the Item. If not, it’ll offer to try and extract one. This generally only works for DMG or standard Apple pkg installers.
    • If a suitable Icon is found, it’ll upload the icon into the ‘icons’ directory on the munki_repo (creating the directory if not present), with the ‘[item name].png’ as the filename.
    • Finally, if successful, it’ll add the path to the icon into the pkgsinfo file.
    • The icon will be shown next to the item in the new Managed Software Centre client application.

     


Final Result

Following on from the above, I added Firefox to the optional installs on my test Mac and this is how it looked in the new client application:

[Screenshot: add firefox options installs munki]

Summary

There you go. As always, I hope it helps someone out and gets you onto the new (and awesome) Munki v2. Tune in for the next part where I’ll discuss upgrading the Munki Clients.

For these blogs, I’d always recommend reading the documentation (as Munki is a powerful tool) over at its new home on GitHub.

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

Note: Regarding Running a HTTP Munki Repo on OS X Yosemite Server

One little thing I did find that has changed with using the web service on OS X Yosemite Server is, by default, all HTTP requests are redirected to HTTPS. In a normal Web Server configuration, this is exactly what you want, with all communication between the Web Server and the Web Client being encrypted.

However, if you’re running a Munki Repo on HTTP and haven’t (yet!) got round to configuring HTTPS it will stop Munki clients from reaching your repo. Don’t worry, this is purely a tick box in the server app and can be disabled by:

  1. Launch the Server.app and navigate to the “Web” service.
  2. Find your default website and double click it.

Read Munki 2: An Introduction Here.

 

Disclaimer:
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Deploy a Firefox CCK2 package with Munki

Hi Munki / Firefox admin!

I’ve been known to use both JAMF’s Casper suite and Munki, situation dependent, but recently all of my Firefox CCK2 posts have been geared for Casper admins. Time to give some love to Munki in this area!

This blog assumes you have packaged the autoconfig files that CCK2 outputs and are ready to deploy them. It also assumes you have already got Firefox installed in your Munki Repo, either manually or via AutoPKG.

I have written the details using Munki Admin to take advantage of the easier GUI to show what’s happening. If you’d rather use the command line tools and edit the pkginfo files directly (and why not?) or you administrate your Munki setup without using Munki Admin, you should be able to take what I’ve written and easily translate it over to manually editing with the appropriate tools.

As always, this is how I have resolved the challenge I was faced with. I don’t make any promises that it’s the best way and I’m very open to hearing others’ opinions!

Package Info for your CCK2 package

1. Nice and simple. Import your CCK2 installer package into Munki, either using ‘munkiimport’ or Munki Admin. If you’ve used ‘munkiimport’, open up Munki Admin.

2. Find your newly added installer, and double click it to view and edit the pkginfo file.

3. (Personal Preference but) I would suggest ticking the ‘unattended install’ so that this ‘restrictions’ profile can be installed without alerting the user. The user will still be alerted if there are any installs / updates that are available that do not have ‘unattended install’ ticked.

4. Go to the “Requirements” tab. Add your ‘Firefox’ installer into the “Update for” section.
This will mean that you don’t need to add the CCK2 installer to a manifest and it will install after the Firefox installation (and not be replaced!)

editing firefox 35 cck2 installer

5. Click “OK” and then run ‘Save’/‘Make’ to save the changes to the appropriate files.

6. This should now deploy fine.

What if this CCK2 installer is for a specific version of Firefox?

Ah, so you’ve read my previous blog about Mozilla changing the location of the CCK2 files between versions of Firefox? In this case, you’ll have a little more work to do. Once you’ve completed the above steps:

1. Navigate to your Munki Repo and find the pkginfo directory.

2. Open the pkginfo file for the CCK2 installer package in your favourite script-editing app (avoid word processors, such as Microsoft Word, and TextEdit as these can screw up the formatting of these files, thereby making them unusable).

3. Find the “update_for” key, and change this from “Firefox” to the full name of the pkginfo file (without the .plist) for the version of Firefox that this CCK2 installer is for.
e.g. To set my pkginfo to be for my Firefox-35.0.0.plist I will modify the CCK2 pkginfo from:

modifying firefox 35

to

modifying firefox 35

4. Save the file, and run the ‘make’ from Munki Admin, or the below command in terminal:

/usr/local/munki/makecatalogs

5. This should now only install the update, if the Mac is detected as having Firefox v35.0 installed (as detected by your Firefox-35.0 pkginfo).

Installation Detection

Now you will find you experience at least one (likely both) of the below scenarios:

  • If a user was to replace the entire Firefox application, or manually remove the CCK2 files, they will be able to remove the restrictions, and Munki won’t know to reinstall them
  • Munki will not be able to detect the installation of the CCK2 package and so will ask to update it at every Munki run.

More information on this can be found on the Munki site; however, it boils down to telling Munki (via the pkginfo file) which items on disk indicate that the installer has been ‘installed’.

This can be achieved through either an Installs Item/Array or an Install Check Script.

Please Note: Munki works through a priority list to determine which method to use to detect if an install is required. Regardless of the success or failure of the detection, it will stop when it finds the required information in the pkginfo, e.g. If you provide an Installs Array and an Install Check Script, it will only use the Install Check Script and will not failover to the Installs Array. The priority order is:

1st - Install Check Script
2nd - Installs Array / Items
3rd - Receipts

Installs Array

The first method I’ll show you is the Installs Array method. Again, as mentioned above, I’ll show you the Munki Admin method to try to make it as easy to follow as possible. Those who are happy to edit the pkginfo files, please feel free to do so! It would also help to know the actual files and directories that are being deployed.

1. Run the CCK2 installer package on a test device.

2. Install and Configure access to the Munki Repo from this device. Launch the Munki Admin application.

3. As before, find the CCK2 installer package, and double click it to view / edit the pkginfo data.

4. Navigate to the “Contents” tab. The top box is where the Installs Items are listed.

5. Open a Finder window and one by one drag in the files that the CCK2 installer deploys.

6. My example ended up as this:

editing firefox 35 munki

7. Click “OK” and then run ‘Save’/‘Make’ to save the changes. This should now correctly detect when the package has been correctly installed and also reinstall should any of these files be missing (for example, should a user replace the Firefox application).

8. The relevant area of my final pkginfo file looked like this:

final pkg info file firefox munki

Install Check Script

So you didn’t like the Installs Array method? Or maybe you are intrigued as to other ways you could maybe carry out an amazing “Stupid Munki Trick” (https://github.com/munki/munki/wiki/What%20Are%20Stupid%20Munki%20Tricks)? In that case follow on. If not, please skip this bit.

1. Launch Munki Admin and access the CCK2 Installer pkginfo as mentioned above.

2. Go to the last “Install Check Scripts” tab. Check the left hand tick box and use the large left hand text window to write your script. The general rules are:
a. Any language that the Mac Supports, Munki will also support.
b. Most Importantly: An exit code of 0 means the item needs to be installed. Anything else means the item does not need to be installed.

3. For this example, I’ll cheat and use my CCK2 Casper Extension Attribute script to cut corners.

cck2 casper extension attributes script

4. I’ve changed line 36 to be “exit 0” as this is when the CCK2 items will need to be reinstalled.

5. I’ve also changed line 39 to be “exit 1” as this is when the CCK2 items have been detected as being installed.

6. As before, click “OK” and then run ‘Save’/‘Make’ to save the changes.

Summary

There you go. As always, I hope it helps someone out and saves you some time as well as giving you more ideas for how to work with your Munki solutions.

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.


What will you do when your Macs aren’t covered by Warranty?

Macs play an increasingly important role in Enterprise and Education markets; and, therefore, it is important that your Mac hardware is protected against faults, damage and inevitable wear and tear.

Protecting your device(s) warranty

Apple have put in place a number of key requirements to ensure that your Mac gets the highest level of service and its hardware’s warranty is not invalidated when you send it in for a service, repair or upgrade. These include:

  • Only allowing Apple authorised parts to be sourced.
  • Only allowing Apple Authorised repair centres to fit the parts.
  • Tough regulation on the environment the repair is carried out in and processes the repair must follow.

Failure to meet these can invalidate the warranty.

Scales of Apple Warranty

For the first year of an Apple device’s life, Apple provides a 1 year warranty that covers all parts and labour.

You can also choose to take out the “Apple Care Protection” (APP) plan, which covers your Mac hardware for the subsequent 2 years.

However, as your Macs enter their 3rd year of usage, or are over 1 year old without APP, this presents many companies with a very difficult decision:

Do you:

a)  Refresh your entire Mac fleet with new devices.

b)  Continue to use the devices but risk potentially hefty repair bills over the next few years?

As experienced tech users, we all know that Murphy’s Law hates gadgets!

Typically, Murphy’s Law tends to kick in the day after your warranty runs out and your cat decides to knock your MacBook off the table… or worse.


Amsys Alternative

Amsys offer organisations with a large Mac fleet another option. Devices over 3+ years old (or over one year without an extended warranty) can be enrolled in our “Break / Fix Contract.”

From as little as £105 per year, this hardware contract covers:

  • All parts,
  • All labour,
  • All carriage,
  • All diagnostics,
  • Priority repair service.

If you want to find out how you can continue to insure your Apple Devices, without having to renew your entire fleet, or pay for Out of Warranty repairs; then please contact me (Henry Capper), email henryc@amsys.co.uk or call 0208 660 9999.

 

 

Download all of the GarageBand / Logic Pro X Content Loops for deployment

Back in November, I had a conversation over Twitter with @TechGrlTweeter about how to capture and deploy the GarageBand loop installers. Some Mac admins prefer to use network packet capture tools such as “Charles Web Proxy”; however, the method I suggested uses no additional applications and requires a lower technical skill level.

Content Loops?

OK, I may not have started clearly enough. A little while ago, Apple stopped shipping iLife suite installers for GarageBand, iWeb, iDVD, iPhoto and iMovie and instead utilised the Mac App Store for these products, as well as for Logic Pro X. To minimise the download size of the GarageBand and Logic Pro X Applications, the content / music loops were separated.

When these Applications are first launched, they try to download and install the content, with this totalling over 10s of GBs of data (especially for Logic)! Additionally, Apple will occasionally release new content packages, which are then downloaded the next time the Application is launched.

In environments that manage their Mac devices (particularly Education departments) they will need to deploy these additional content packages with GarageBand and Logic Pro, otherwise users face a lengthy wait on first launch. Not an ideal user experience!

The question is how to catch and include these content packages. With a monolithic image, this is simple as the loops can be downloaded and included in the image. With a modular image, or if Apple release an updated content package, you need to use another technique.

Capturing all of the Content Packages

In the examples, I have used a fresh version of Mavericks 10.9.5 and an un-launched copy of GarageBand, but the process is almost identical for Logic Pro X and for when Apple releases an additional content package.

1. Launch GarageBand or Logic Pro X. You should either be prompted to download the new content or it will start automatically.

capturing content packages garage band

2. This will take some time, especially with Logic. Go make a cup of tea / coffee and generally leave the Mac to one side. Depending on the size and number of content packages, and the speed of your connection, it may even be advisable to leave it running overnight.

downloading installing garage band

3. Eventually the progress message under the loading bar will change from an ETA to “Installing…” and an authentication window will appear asking for administration details. DO NOT FILL THIS IN AND DO NOT CLOSE THIS WINDOW!

installing garage band

4. Move the authentication window and the GarageBand / Logic Pro window to one side and go to your Finder application.
5. In Finder, select “Go” then “Go to Folder…”

authenticate garage band

6. In the box that appears, type “/var/folders/” and click “Go”. This path is case sensitive but you can use tab-completion to fill it in.

var folders garage band

7. You will see any number of folders here, all with seemingly random two letter names. We need to organise these by size, which by default you won’t have enabled.

8. In the Finder, click “View” then “Show View Options”.

view options garage band

9. The View Options will now appear. Tick the “Calculate all sizes” check box. To avoid having to do this at each level, I suggest clicking the “Use as Default” button.

calculate all sizes

10. Once we’ve got the views sorted, we are going to need to drill down via the largest directory sizes to find what we’re after. I’ll show you what I had in my example but it will be very unlikely your directories will be named the same so you may need to go solo through this step.

a. My first level was “lq”.

directories garage band lq

b. My next one was “fwf625f54h52zc0vm3htj1yc0000gn”

directories garage band fw

c. Next I had just “C”

directories garage band c

d. Now this is where we should all be in the same location! Find “com.apple.garageband10” (or “com.apple.logicpro…” if you’re grabbing Logic Pro content packages).

directories garage band 10

11. Open this directory and you should see an overly large one, in the example this is called “com.apple.MusicApps”. Open this.

directories music apps

12. Inside this there will be a directory called “audiocontentdownload.apple.com”. Open this (nearly there…)

directories audio content download

13. Inside this last directory is another called (in the example’s case) “lp10_ms3_content_2013”. Open this.

last directory

14. And hey presto! There are your content packages, all neat and ready to be pushed out.

all content packages

15. Organise it by size (or type) and grab them all (14 in this case)!

organise by type
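
The Finder walk-through above can also be done from Terminal while the authentication window is still open. This is an added example, not part of the original post: it locates the download directory under the cache path described in the steps, lists the packages largest first and copies them to a staging folder. It assumes the content packages use a `.pkg` extension; the function names and the staging folder argument are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original post.
# ASSUMPTION: the content packages carry a .pkg extension.

# Print the content download directories found under a search root.
# Layout taken from the steps above:
#   <root>/<xx>/<random>/C/<bundle id>/com.apple.MusicApps/audiocontentdownload.apple.com/<content dir>
# $1 = search root (normally /var/folders)
# $2 = bundle id prefix (com.apple.garageband or com.apple.logicpro)
find_content_dirs() {
    find "$1" -type d \
        -path "*/C/$2*/com.apple.MusicApps/audiocontentdownload.apple.com/*" \
        -prune 2>/dev/null
}

# List the packages in one content directory, largest first,
# one per line as "<bytes> <path>".
list_packages() {
    for _pkg in "$1"/*.pkg; do
        [ -f "$_pkg" ] || continue
        printf '%s %s\n' "$(wc -c < "$_pkg" | tr -d ' ')" "$_pkg"
    done | sort -rn
}

# Copy every package from $1 into staging folder $2 and print how many
# were copied. Other files in the cache directory are left alone.
stage_packages() {
    mkdir -p "$2" || return 1
    _count=0
    for _pkg in "$1"/*.pkg; do
        [ -f "$_pkg" ] || continue
        cp -p "$_pkg" "$2/" || return 1
        _count=$((_count + 1))
    done
    echo "$_count"
}

# macOS only: status 0 when pkgutil accepts the package signature,
# 2 when pkgutil is not available, otherwise pkgutil's own failure status.
# The packages were sitting in a per-user cache directory, so check them
# before they go into a deployment system.
pkg_signature_ok() {
    command -v pkgutil >/dev/null 2>&1 || return 2
    pkgutil --check-signature "$1" >/dev/null 2>&1
}

# Run only when a staging folder is given and /var/folders exists (a Mac);
# otherwise the file just defines the functions.
if [ -n "${1:-}" ] && [ -d /var/folders ]; then
    find_content_dirs /var/folders com.apple.garageband | while IFS= read -r _dir; do
        echo "Content directory: $_dir"
        list_packages "$_dir"
        echo "Copied $(stage_packages "$_dir" "$1") package(s) to $1"
    done
    for _copy in "$1"/*.pkg; do
        [ -f "$_copy" ] || continue
        pkg_signature_ok "$_copy" || echo "WARNING: signature check failed: $_copy" >&2
    done
fi
```

For Logic Pro X, swap the bundle id prefix to `com.apple.logicpro`.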

Credit

Now I have to be honest and say that I did not figure this out myself but rather by ‘standing on the shoulders of giants’. I found the information around a year or two ago and for the life of me, I cannot remember exactly where. Other than it was either:

So if anyone finds out whereabouts it’s mentioned, please comment below and I’ll update the blog.

Summary

I hope this helps anyone else who has to push out content packages to find and grab these as needed. This has worked for me for Mavericks and Yosemite so looks good so far!

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.


Best practices in 2015: Managing settings in Mac OS X & iOS

To continue our best practices series for 2015, this time around I’d like to describe the methods for settings management.

This focuses on the central management of settings for Mac OS X, such as the login window layout, and for installed applications such as Microsoft Word or GarageBand, and it also covers iOS.

Why manage settings?

For some people reading this, you may wonder why you need to manage device settings at all. There are scenarios where you might not want to do this. If you are working on your own and are using a Mac, any settings you configure would be applied directly to the OS via System Preferences, etc., or within the preferences screens of the apps you use.

If you are responsible for multiple devices, from 3-4 to thousands, you will be interested (albeit from differing perspectives) in controlling certain settings from a single administrative point.

In an education scenario, there are often labs of shared computers that have lots of different people logging in. As the classes are time constrained, it is important that each new user logging in is able to launch the application relevant to their lesson with the minimum of steps.

You don’t want the user to launch Microsoft Word and have it present them with a series of questions about joining customer improvement programs and whether or not to automatically update. You just want to load the app so they can get to work. To achieve this, you need a way to manage the settings.

In a business scenario, device deployments are generally one-to-one so refining the individual app settings can be less important. You may, however, want to ensure that certain security settings are enabled, and stay enabled. Enforcing options such as GateKeeper, FileVault and screensaver passwords, and making sure that users can’t switch them off, is important.

What methods should you use to manage settings?

To configure most of the settings in Mac OS X, there are two core techniques: shell commands / scripts and configuration profiles. It can be argued that it shouldn’t matter what technique you use as long as you achieve your goal, but it’s worth noting that most settings will be significantly easier to configure with one or the other.

You may notice that I am not discussing the tools you use to deploy these settings. These will be mentioned a little later on, so for the moment we are focusing on the underlying core techniques.

Why aren’t we including MCX / Workgroup Manager / Open Directory in this article?

We have been in a bit of a transition period over the past few years from something called MCX to MDM and configuration profiles. If you visit a school that had Macs installed 3-4 years ago you will typically find an Apple server running Open Directory (which holds the management settings) and Workgroup Manager (an app that lets you configure the settings).

Apple has been pushing the use of configuration profiles since the release of 10.7 (Lion) and has now dropped support for Workgroup Manager so it is safe to say if you are working out how to manage settings in 2015 (or later), you won’t be using Open Directory and its associated tools.

The last reason is the lack of iOS support. It is becoming increasingly important to control the settings for all Apple devices, which is the key reason Apple have replaced Workgroup Manager with Profile Manager.

Features you need to include when implementing your management system

There are a few features you need to think about including when you are looking to manage settings on your Apple devices.

  • Ability to switch them on and off - You will want the ability to switch these settings on, but you should try to pick a mechanism that will allow you to switch them back off should you need to
  • An ability to push the settings at any point - Where possible, pick a method that allows you to push the settings, not just at the point of initial configuration, but to already deployed devices
  • An ability to adjust the settings after deployment - You may need to adjust the settings once they have been deployed so try and make sure the method you are using can do this
  • An ability to exclude the devices from the scope - You will likely deploy the settings to groups of devices. Make sure you have the ability to exclude devices from the scope (and thereby remove the settings) should it be needed
  • An ability to check the success / failure status - You will need to know that your settings have been successfully deployed, or re-deploy if there is an error with some devices.

It’s not always possible to include all of these features with some types of settings but on the whole if you can tick all of these boxes it will be useful later on.

Manage settings with terminal commands

One very popular method to control Mac OS X settings is to use terminal commands. There are lots of examples in the previous blog post “Creating your first boot script”. You can either run individual commands or (as in the first boot example) group a collection of commands into a shell script and push it to your clients. Reversing or adjusting the settings post-deployment would be a case of pushing the altered scripts to the necessary machines.

There are, of course, a few drawbacks with this approach:

  • This is for Mac OS X only
  • In many cases, this is a harder skill to learn (compared to GUI configuration profile tools)

A note about preference caching in OS X

Some of you will have heard of preference caching in OS X. This feature, introduced in newer OS X releases, caches settings stored in preference files. This can interfere with tools that edit preference files directly like the defaults command.

This being said, there are lots of terminal commands that are still very useful, and difficult to replace with other methods, such as enabling Apple Remote Desktop, sysadminctl to create user accounts and systemsetup to set NTP server details.

Getting your terminal commands & scripts deployed

Once you have the commands written into a script, you will need a way to deploy them. Depending on the site, we normally use either the Casper Suite from JAMF Software, which can trigger scripts at login, logout, start-up, recurring check-ins (to name a few), or we use payload free packages (Apple installer packages that run a pre or post install script). With a payload free package you can use other tools like Munki or Apple Remote Desktop as a deployment tool.

Configuration Profiles

The second option for managing settings is to use configuration profiles. These are specifically formatted XML files that contain (amongst other things) a settings payload that can control settings in OS X and iOS. Many popular MDM services like Meraki and Casper have the ability to create and deploy configuration profiles using a simple GUI interface.

A nice feature of configuration profiles is the ability to control custom preference settings in OS X. As they are XML files, you can create them in plain text editors, loaded with the settings you need to enforce. In some MDM products, you are able to upload your customised preference files directly from OS X and have them convert into configuration profiles ready to deploy.

Configuration Profiles are also able to avoid the issues experienced by preference caching.

Getting your configuration profiles deployed

When we have created our set of configuration profiles, we again either use Casper’s built-in MDM functionality or the new abilities built-in to Munki to install them.

You can use most MDM services to deploy the profiles, just bear in mind that some simpler services like SimpleMDM and the free version of Meraki don’t support custom profiles.

Summary

For anyone tasked with managing groups of Macs, large or small, getting to grips with settings management is a must. If it is something you’re considering, I would recommend either terminal commands or configuration profiles.

If you’re looking at using defaults commands (or similar), see if it’s possible with a custom configuration profile to avoid issues with OS X preference caching.

Revise IT announced as a finalist in Surrey Digital Awards 2015

surrey digital awards finalist

Revise IT has come a long way since we launched a series of free revision apps for Apple techs five years ago. Therefore, we are delighted to announce that Revise IT is a finalist in Mobile App Category at the Surrey Digital Awards 2015!

What are The Surrey Digital Awards?

The awards have been created to “reward innovation and progressive thinking by businesses across the county…” and to provide a “showcase for the hard work of those companies who have embraced online technology.”

Revise IT’s Story

Richard Mallion, our CTO and brains behind the Revise IT app, first came up with the idea when he moved on from writing printer drivers for Mac OS 6 and into development. Once Apple released the SDK, the idea to develop apps for iPhones really grabbed Richard’s attention.

What started out as a hobby, quickly developed into creating apps with a purpose; supporting Amsys and the Mac community. And that’s when the initial revision apps were born.

Consequently, as Richard’s skills and understanding of iOS development advanced, we were able to create our range of now phenomenally popular iOS app development courses!

Revise IT’s Feedback

During its lifetime, Revise IT has received some amazing feedback from the community as well as from a number of Apple training companies. As Revise IT was one of the first apps of its kind on the market, it subsequently received a lot of exposure. Both Mac User and Mac World featured Revise IT in their magazines, and it made it to the top 10 on the education list in the App Store.

To date, the App has had around 100,000 downloads!

Revise IT’s Yosemite Update!

When we released 10.9 last year, we were blown away by 18,000 users updating the app almost immediately. For those of you eagerly waiting for 10.10, you’ll be pleased to hear that we’ve just submitted version 10.10 to the App Store. We’re expecting Support and Server Essentials to appear sometime in Feb – Tweet @amsysuk to get an update!

Revise IT’s Future

Last year we included a number of new features, including the ability to share your results on social media platforms along with a new interface for iOS 7. This year, Richard is planning on giving Revise IT a bit of a well-deserved face lift.

Thank You

The awards ceremony is taking place in Surrey on 5th March 2015. And we would just like to thank everyone who has downloaded Revise IT and to the Apple community as a whole as Revise IT wouldn’t exist without you!

Download Revise IT for free here.

Firefox 34 and newer CCK2 lockdown detection Casper Extension Attributes

Hey again!

As mentioned in my previous blog, with version 34 and 35 of Firefox, Mozilla changed the locations for the lock-down files. As a result, my previous Casper Extension Attribute would not correctly detect that the lock-downs are installed for these versions of Firefox.

So I got off my backside and re-wrote it!

Extension Attribute Configuration

The EA configuration is the same as the previous blog, and this should be used.

Extension Attribute Script

Here’s the new script:

firefox 34 extension atrribute configuration

This now breaks down as:

Line 1                         The shebang. Lets the device know it’s a bash script

Lines 4 and 5         The two possible locations for the lock down files

Lines 8 and 9         This section grabs the version number (CFBundleShortVersionString) and strips out all except the first number before the dot.

Line 12                      This runs an ‘if’ statement asking if the number grabbed from lines 8 and 9 above is less than 34

Lines 14 to 17         This echos out the version found, then sets the items to check to the ‘old’ location (e.g. “MacOS”)

Line 18                      If the ‘if’ statement from line 12 is false, another statement runs asking if the number is equal to 34.

Lines 20 to 23       This echos out the version found, then sets the items to check to the ‘old’ location (e.g. “MacOS”) for all except the autoconfig file, which is in the ‘new’ location (e.g. “Resources”)

Line 18                      If the ‘if’ statements from line 12 and line 18 are false, another statement runs asking if the number is greater than 34.

Lines 20 to 23       This echos out the version found, then sets the items to check to the ‘new’ location (e.g. “Resources”).

Line 30                     Close the “if” statement

Line 33                     This runs a multi-input “if” statement. The use of the double pipes (“||”) denotes “or”. If you swapped these for double ampersands (“&&”) it would denote “and”. So this line says “(if directory ‘$distDir’ does NOT exist) or (if file ‘$overrideFile’ does NOT exist) or (if file ‘$autoconfigFile’ does NOT exist), do the section between “then” and “else””.

Line 36                     Echo into the Casper EA the word “No”. Essentially if any of those items are missing, then at least part of the customisations are missing and the whole lot should be reinstalled.

Line 39                     Echo into the Casper EA the word “Yes”. If none of those items are missing, then the customisations should be in place and working fine.

Line 40                     Close the “if” statement

Line 42                     Exit the script
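
The version-dependent check walked through above, written out as an added example (it is not the script from the original post). The same function also serves the Munki install check described in the earlier CCK2 post, where an exit code of 0 means the item needs to be installed. The three item names and the function names are assumed placeholders, not taken from the post; set the item names to the paths your CCK2 package deploys.

```shell
#!/bin/bash
# Added example, not the script from the original post.
# ASSUMPTION: the three item names below are placeholders. Replace them with
# the paths (relative to the location directory) your CCK2 package deploys.
DIST_DIR_NAME="distribution"
OVERRIDE_FILE_NAME="override.ini"
AUTOCONFIG_FILE_NAME="cck2.cfg"
FIREFOX_APP="/Applications/Firefox.app"

# "35.0.1" -> "35". Fails when the text before the first dot is not a number.
major_version() {
    _mv="${1%%.*}"
    case "$_mv" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$_mv"
}

# Status 0 = at least one lock-down item is missing, 1 = all are present.
# $1 = path to Firefox.app, $2 = major version number.
cck2_lockdown_missing() {
    _old="$1/Contents/MacOS"        # 'old' location
    _new="$1/Contents/Resources"    # 'new' location
    if [ "$2" -lt 34 ]; then
        _base="$_old"; _auto="$_old"
    elif [ "$2" -eq 34 ]; then
        # v34: only the autoconfig file is in the new location
        _base="$_old"; _auto="$_new"
    else
        _base="$_new"; _auto="$_new"
    fi
    if [ ! -d "$_base/$DIST_DIR_NAME" ] ||
       [ ! -f "$_base/$OVERRIDE_FILE_NAME" ] ||
       [ ! -f "$_auto/$AUTOCONFIG_FILE_NAME" ]; then
        return 0
    fi
    return 1
}

# Print the major version. Uses $2 when given, otherwise reads
# CFBundleShortVersionString from the app bundle (macOS only).
resolve_major() {
    _ver="${2:-}"
    if [ -z "$_ver" ]; then
        _ver=$(/usr/bin/defaults read "$1/Contents/Info" \
            CFBundleShortVersionString 2>/dev/null) || return 1
    fi
    major_version "$_ver"
}

# Munki install check: status 0 = install needed, non-zero = not needed.
# If the version cannot be read, no install is requested.
munki_installcheck() {
    _major=$(resolve_major "$1" "${2:-}") || {
        echo "cannot read Firefox version at $1" >&2
        return 1
    }
    if cck2_lockdown_missing "$1" "$_major"; then
        return 0
    fi
    return 1
}

# Casper Extension Attribute: the value goes between <result> tags.
# "No" when anything is missing (or the version is unreadable), else "Yes".
casper_ea_result() {
    _major=$(resolve_major "$1" "${2:-}") || {
        echo "<result>No</result>"
        return 0
    }
    if cck2_lockdown_missing "$1" "$_major"; then
        echo "<result>No</result>"
    else
        echo "<result>Yes</result>"
    fi
}

# Runs as a Munki install check on a Mac that has Firefox installed;
# anywhere else the file only defines the functions.
# For a Casper EA, call casper_ea_result "$FIREFOX_APP" here instead.
if [ -x /usr/bin/defaults ] && [ -d "$FIREFOX_APP" ]; then
    munki_installcheck "$FIREFOX_APP"
    exit $?
fi
```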

Usage

Again, this is identical to my previous blog on this subject.

The only ‘gotcha’ is that, because of the varying locations, you will need to have multiple lock-down installer packages and scope them to devices that are:

a)    Missing the CCK 2 lockdowns

b)    Have Firefox version

  1. 34 for the v34 lockdown package
  2. 35 for the v35 lockdown package
  3. etc

Summary

There you go. I hope it continues to help someone out and saves you some time. As before, attached to this blog is an export of the EA. You can download this, upload it to your JSS and tweak it as desired.

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.


The technical interview 101 – Part 1

I wanted to write down some thoughts and experiences with interviewing from both the interviewee and the interviewer perspective, which I will be sharing with you over the next few weeks.

Part 1

We should start with the Interviewer finding the right Candidate(s).

A good interview technique will not turn a BAD candidate into a GOOD one!

As the hiring manager, you should be in complete control over who enters the interview process. I wouldn’t advise leaving this to HR or another colleague to decide. I have always found that the more involved the hiring manager is, the better the quality of candidates.

Your ability to conduct a great interview will make it easy to find the skills that the candidate already possesses, but it will not inject skills that aren’t there.

Today I will share the 3 basic considerations that can improve the quality of candidates to interview.

1.    The Job Posting

The best job postings read like an actual human being wrote them. Not jargon-filled nonsense, with more oxymorons and hyperbole than a Daily Mail editorial.

Your job posting should include the spirit of your organization while expressing the personality of you – the hiring manager. A lot of people struggle to understand that this is your sales pitch to your perfect candidate.

A generic, “HR-speak” filled advert normally attracts generic candidates… BUT a Creative, Passionate and Smart advert will generate Creative, Passionate and Smart candidates.

2. It’s all about your brand.

Have you seen Glassdoor.com?  This is a site that strikes the fear of god into most HR departments.

Here, employees have the chance to anonymously rate and review their past and current employers. We should all be encouraging our employees to use this site! What a fantastic way to gain a real insight to your employees.

Yes, there will be negatives, even if you gave your employees free Haribo and had Puppy Wednesdays. Of course, there would be someone who hates Puppies and Haribo (strange people)!

But this gives the potential candidate(s) a fantastic insight into your business through your current employees, and will only make your business stronger. Plus, the candidates that you then interview, will already feel like a small part of your business. There’s no point in deceiving candidates if internal issue(s) exist as they won’t stay, and that’s a costly hiring technique.

3. Do the legwork

Hiring is a costly and long process that most managers would rather pass onto somebody else. However, you are the key to your own success!

For this reason, work closely with your recruiter. Notice that I said recruiter and not multiple recruiters!

It may seem like a good idea to pass the job to 5 agencies in order to stand a better chance of finding that perfect candidate. In fact, it’s the opposite, as you’re watering down your offering. You and your recruiter should have a symbiotic relationship.

You will have networks and connections that they don’t, and vice versa. Use the hiring process to develop a good relationship with your recruiter or HR department, which will make processes run smoothly while working with them.

The Interview

So, you have your 2, 3, 5 or 20 candidates to interview, all arranged and ready to go.

Now you and your co-interviewers’ task is to use that 60-minute window with the candidate in the most productive way possible. An hour is not a lot of time to decide on your company’s and the candidate’s fate. But it should be enough to get 80% of the way there. After all, hiring people is always going to be 10-20% luck.

I once read somewhere that the best interview format is 5 mins, 25 mins, 25 mins, 5 mins with a 5 min buffer.

  • 5 minute warm up
  • 2/4 big questions or problems (25/12 minutes each)
  • 5 minute wrap up

An uncomfortable or defensive candidate will never show their true potential, and an uncomfortable interviewer will never ask the right questions.

Be nice!

An obvious gesture I know, but you would be surprised how few take on board this tactic.

For instance, say the servers have just fallen over, or your C.E.O has just berated you due to your department’s overspend. DO NOT TAKE THAT INTO THE INTERVIEW WITH YOU!

It’s not the candidate’s fault that you’re having a bad day; they could be the answer to your problems!

You could choose to take a confrontational edge as the interview progresses, but you will never recover a candidate if they are uncomfortable or defensive from the start.

Ask them about their journey, and then move on to a question about their CV. Alternatively, ask them to choose what they think is the best thing from their CV and get them to describe it to you. This is your chance to help them dominate the conversation and to get them pumped.

A great interview is a great collaboration

If the job involves spending time with a team and collaborating together, then it’s important that the interview is also a collaborative process.

An amazing developer that can only work at home on their own is always going to be less valuable to a business in the long run than a good developer who adds value to the entire team. One of my favorite poems was from my days in the army. My huge, angry and aggressive training corporal read out the following John Donne poem to us while we were in the water tank at Lympstone.

No man is an island,
Entire of itself,
Every man is a piece of the continent,
A part of the main.
If a clod be washed away by the sea,
Europe is the less.
As well as if a promontory were.
As well as if a manor of thy friends
Or of thine own were:
Any man’s death diminishes me,
Because I am involved in mankind,
And therefore never send to know for whom the bell tolls;
It tolls for thee.

Being smart is not enough to build a successful team. 

The candidate has to be comfortable communicating their intellect, skill and knowledge to others by being able to take criticism on board and exchange ideas. Not by forcing colleagues in the direction that they perceive to be right.

The problems and questions you pose should include something about how the candidate will be WORKING WITH YOU on a particular project.

E.g. “I need to reorganize the internal IT department, and I want to put you in charge. How would you start?”

It’s important that you act as a guide and to collaborate, but do so from a distance. Answer their questions (it’s a great sign if they ask great questions). But only help them to clarify assumptions. DO NOT answer the questions for them unless they are completely stuck or off-topic and need a little nudge to move on.

Know when to Shut IT

It can sometimes be irresistible to spend the 60 minutes talking, after all, you have a captive audience. I could easily talk at someone for 60 minutes, without even noticing. THE MORE TIME YOU SPEND TALKING, THE LESS TIME THEY SPEND DEMONSTRATING THEIR TALENT!

It’s OK to be chatty and tell stories, just have a reason for it.

Keep Notes

There’s no point in starting the interview process if you’re not clear on what you’re looking for.

I would suggest creating an ordered list of the traits you require. They should be in 2 sections.

  1. How they will fit into the Team/Organization – it would be great if you had input from your existing team.
  2. How they will fit into the role in order to succeed.

You should think of yourself as an interrogator (a friendly one, let’s say “good cop”) who is trying to create problems and questions that discover whether the desired skills/talent/traits exist.

Even if hidden, you will find out in that hour.

In my opinion, this is the only attitude that will maximize your chances in making that perfect hire. You do not need to be confrontational or give a tough interview to achieve this – the opposite, in fact. It should be the quality of your questions and your attitude that makes an interview tough.

In the next part, I will go into:

  • Interview questions
  • Concluding the interview
  • The feedback process

OS X Yosemite hidden feature series – Part 2

Following on from Part 1 in this Yosemite series, looking at features of Yosemite that are not so well known or perhaps even hidden, Part 2 will focus on added features to the Apple Safari web browser app.

Apple have spent a lot of time on their web browser, and it really is a strong competitor now. And today, I’ve grabbed my favourite little gems!

New Feature 1: Recent Safari Browser History Removal

Previously, Safari would only allow you to remove your browsing history as an all or nothing feature. The only option to clear out recent browser history was to show all your browser history and manually select and delete required websites. A bit of a laborious task.

Well, Yosemite has stepped in to change all that. Now you can choose to delete just your last hour of browser history, or perhaps just everything from today, or even the last 48 hours. You can, therefore, preserve your long-term web history while just removing more recent history. I won’t start speculating on the reasons why people may wish to clear out just their last hour or so of web browser history! ;)

So, how do we do this?

Pretty simply actually. In Safari, select the main ‘Safari’ menu or the ‘History’ menu and you will see the option for ‘Clear History and Website Data…’

clear safari browsing yosemite

Once selected, you can choose options from the pull down menu for how much browser history to clear:

clear history preferences safari yosemite

Don’t forget that you can always clear custom-selected browser history by selecting ‘Show History’ from the ‘History’ menu and selecting and deleting just the specific browser links you wish.

New Feature 2: New Private Window

Safari has had a Private Browsing feature for a while. However, it was again an all or nothing option.

If you wanted to browse the web on a computer without Safari tracking what web pages you’ve visited, adding cookies or saving the passwords you’re entering, you had to enable Private Browsing for ALL web tabs and windows and then remember to disable it afterwards.

Yosemite’s Safari has made Private Browsing more convenient.

You can now just enable it in a new browser window, allowing you to perform your unmonitored browsing in one window while leaving all your usual websites open in other windows.

Again this is easy to do once you know how. Just select the ‘File’ menu and choose ‘New Private Window’ (or use the keyboard shortcut of SHIFT + COMMAND + N):

private browsing in safari yosemite

This will open a new Safari browser window that will have private browsing enabled:

private browsing enabled yosemite

Any browsing you perform within this window, including any tabs you create and use, will have its history, cookies and other info deleted once you have closed the window. Plus any tabs you open, will not appear on your other devices if you are using the same iCloud account on multiple Apple devices. (Refer to ‘New Feature 3: Handoff’ from Part 1 in this blog series for more info on this feature).

Any Browser windows you had open prior to opening this new private window, along with any new windows you open with the usual ‘New Window’ or ‘COMMAND + N’ keys, will still work as normal, by auto-filling in your usernames and passwords, creating browser history etc.

As you can see below, this new private window has a dark coloured search field instead of Safari’s default clear white colour. This allows you to remember easily which Safari window is the private browsing window:

private browsing yosemite

New Feature 3: Viewing all Safari Tabs

I’m a big lover of Web tabs instead of having multiple browser windows open. Safari now has a nice feature to show you a clear view of all currently opened tabs in the current window. To do this, you could select ‘Show All Tabs’ from Safari’s ‘View’ menu or use the shortcut keys of ‘SHIFT + COMMAND + \’. But the easiest way, is to select the ‘Show all Tabs’ icon as highlighted in red below:

view all tabs in safari yosemite

Now I have 4 tabs open, 2 of which are from the same website. This new view has a handy feature where it will group Tabs from the same website. (See in the image below that the 2 tabs from www.amsys.co.uk are stacked together.)

Even better, if like me you have a Mac but also an iPhone or an iPad signed into the same iCloud account, this Show All Tabs feature will also show you any open tabs on any of your other iOS devices or even another Mac. (Notice that in the image below it shows the iCloud icon and the name of my iPhone along with the Safari tabs I’m using on my iPhone.)

view all open tabs on devices yosemite

If I now hover my mouse over these tabs from other devices, an ‘X’ will appear on the right allowing me to close those tabs on that device:

close tabs on other devices yosemite

New Feature 4: Recent Share History

Nice little titbit this one.

If you use the ‘Share’ icon in the Safari menu bar to send web information to someone either as a message, email, etc., Safari now has a ‘recents’ list. Handy for when you regularly share webpage links with the same person. It will also remember for you HOW you share with that person.

In the below example, I have shared a weblink as an iMessage to myself, which has been sent to my iPhone :

share via safari yosemite

New Feature 5: Favourites View

Most of us regularly visit the same core collection of websites every time we go online. Safari can now learn these for you, allowing you to choose quickly from a ‘favourites’ list.

safari favourites view icon

You can select the ‘favourites view’ icon (see right) in the Safari toolbar, but if you also click on the Smart Search field (where you enter a URL or perform a web search), a grid of icons will then appear displaying your favourite websites and frequently visited websites:

favourites view safari

You can drag out any favourites that you want to delete from the list with the usual ‘puff of smoke’ effect as well as re-order them should you wish.

Should you wish to remove this feature, select the Safari main menu and open the Preferences. Go to the ‘Search’ tab and un-tick the ‘Show Favorites’ option:

remove favourites view yosemite

New Feature 6: Importing bookmarks into Safari

Importing your bookmarks from other web browsers was sometimes not that easy, even requiring you to export an HTML file first. Safari in Yosemite has improved importing.

You can easily now import Google Chrome or Mozilla Firefox’s configuration files. All you need to do is go to the ‘File’ menu and select ‘Import From’:

import bookmarks safari yosemite

The sub-menu will offer you dedicated options for importing from Chrome and Firefox, as well as the HTML import option:

import chrome firefox safari

Safari supports importing bookmarks, history and passwords from Firefox and bookmarks and history from Chrome:

import bookmarks history passwords safari

New Feature 7: RSS Returns!

In years gone by before social networking kicked off, I used to love using Safari to subscribe to news feeds known as RSS. With the introduction of OS X Mountain Lion, this feature was removed. After the initial moaning, I got over it and found other ways to keep up to date such as following news feeds on Twitter.

For those of you that would like to return to using RSS, Safari in Yosemite has integrated RSS feeds into the Shared Links feature and can also grab links from your Twitter and LinkedIn feeds.

Just click on the RSS link within any website and Safari will bring up a window asking if you would like to add this feed to your Shared Links:

rss feeds safari yosemite

Once you have added the feed, to access your Shared Links select the Sidebar icon in the Safari toolbar, which is usually next to the back/forward icons, then select the @ icon. Or you can select ‘Show Shared Links Sidebar’ from Safari’s ‘View’ menu. (CONTROL + COMMAND + 3 will also do the trick).

If you have logged into social media accounts such as Twitter and LinkedIn, these will also have their feeds displayed here:

social media rss safari yosemite

apple hot new rss feed safari

Shared links are displayed by the date that they were posted. So you may find RSS feeds and social media feed posts merged.

If you want to remove a site from the Shared Links, follow the steps above to return to the @ tab of the Safari sidebar, and then click on the ‘Subscriptions’ button at the bottom:

remove site from shared links safari

remove feeds from safari

To remove a social media feed, un-tick the box. To remove a RSS feed, select the ‘X’ icon to the left of the feed.

New Feature 8: Clever Searching

Safari has gained the ability to ‘learn’ when you use a search field in any website. You can then use a website’s search feature directly from the main Safari URL/search bar without having to re-visit the specific site first.

Sometimes, Safari is so clever that you may not even need to visit a website and use its search field for Safari to offer you a website’s search field directly in the menu bar.

How can I explain this clearly? Well, a demo usually works.

Imagine that I have Googled the Apple Watch. I have then clicked a link to the Apple website where I have used the search field inside Apple’s webpage (The Magnifying Glass icon) to find all articles hosted directly on Apple’s website regarding the watch:

clever searching safari

Safari will now have learned that I have searched within www.apple.com for the term ‘watch’.

I can now perform this same search quicker next time by simply typing in ‘apple watch’ into Safari’s main smart search field as shown below:

smart search field safari

Notice that Safari has suggested www.apple.com/uk/watch/ as well as searching discussions.apple.com for ‘watch’, which is exactly what I did manually.

Want to remove this feature?

Select the Safari main menu and open the Preferences. Go to the ‘Search’ tab and un-tick the relevant option(s):

remove safari smart search

Quick Website Search has a ‘Manage Websites’ button that allows you to view and remove the websites whose internal search systems it has remembered you using:

quick website search safari

New Feature 9: Where’s the full URL gone?

Finally, I wanted to mention a cheeky trick Safari now does with URL names. It now only shows you the main URL of a site or its domain name.

The idea here is to protect users from phishing scams by showing you just the base URL a web link has come from.

For example, if I visit https://www.apple.com/watch/apple-watch-edition/ and look at the Safari address bar, all I will see is ‘Apple Inc’:

short urls sarfari

Now the good news is that I now know that the link I am going to is officially from Apple. But I can’t see the full URL. Now you can just click on the base URL info, and it will expand to give you the full URL address. But if you wish to see the full URL by default, you just need to know where to enable it.

Select the Safari main menu and open the Preferences. Go to the ‘Advanced’ tab and Tick ‘Show full website address’:

see ful url safari

I hope you are finding this blog series useful. The features I am discussing are just a collection of the ones that I have discovered and found useful, and are not a complete feature list.

Remember, Apple has a decent overview of the main new features of OS X Yosemite on their website.

Read part 3 and 1.

Don’t forget, if you would like to learn more about OS X or just the Mac in general, then take a look at our collection of introductory training courses.

We also have a large collection of Mac Support and iOS IT courses, which you may also find useful.

These features were tested using OS X Yosemite v10.10.1 and iOS v8.1.2 which were the latest Mac OS and iOS releases at the time of writing.

Exporting Users from OS X Server for Yosemite

With the release of OS X Server for Yosemite, Apple retired Workgroup Manager, thus leaving us System Admins no GUI method of exporting users and groups out of the server.

The old Workgroup Manager tool gave us the ability to both export and import user / group records; the Server app can just import users.

But not all is lost. We have a bunch of command line tools that allow us to interact with the user directories. In particular we have the dsexport command.

dsexport allows us to export records from our user directories to compatible files that the Server app can use.

The command has the following three main arguments:

  • The path to the output file you wish to create
  • The path to the OpenDirectory node that contains the records you wish to export
  • The type of records we wish to export.   For example, dsRecTypeStandard:Users  or  dsRecTypeStandard:Groups

There are a couple of additional arguments you can supply, which include the ability to filter certain attributes for each record you wish to exclude and also a list of records you wish to export.

Exporting Users:

So, here are a few examples of exporting users.

1. To export all users from the local directory to a file called “exportedUsers.out”

dsexport   exportedUsers.out   /Local/Default   dsRecTypeStandard:Users

2. To export all users from the OpenDirectory LDAP node to a file called “exportedUsers.out”

dsexport   exportedUsers.out   /LDAPv3/127.0.0.1   dsRecTypeStandard:Users

By default, all users are exported, including system accounts. There’s nothing stopping you from editing this file and removing any accounts you wish. However, you can supply a comma-separated list of the users you wish to export with the -r parameter.

3. To export any user whose name is richard or oliver from the OpenDirectory LDAP node to a file called “exportedUsers.out”

dsexport   exportedUsers.out   /LDAPv3/127.0.0.1   dsRecTypeStandard:Users  -r  richard,oliver
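
The -r list can also be built from the directory itself instead of being typed by hand. The script below is an added example, not part of the original post: it filters the output of dscl's -list /Users UniqueID down to non-system accounts and hands the result to dsexport. Treating names that start with an underscore and UIDs below 500 as system accounts is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: export only non-system user accounts with dsexport.
#
# Input shape expected from `dscl <node> -list /Users UniqueID`
# (constructed sample, one "shortname  uid" pair per line):
#   _www        70
#   root        0
#   richard     1025

# Read "name uid" pairs on stdin and print the comma-delimited list that
# dsexport -r expects. Names starting with "_" and UIDs below the threshold
# (first argument, default 500) are treated as system accounts and skipped.
human_accounts_csv() {
    awk -v min="${1:-500}" '
        NF == 2 && $1 !~ /^_/ && $2 ~ /^[0-9]+$/ && ($2 + 0) >= (min + 0) {
            printf "%s%s", sep, $1
            sep = ","
        }
        END { if (sep != "") printf "\n" }
    '
}

# export_human_users <output file> <directory node>
export_human_users() {
    out=$1
    node=$2
    names=$(dscl "$node" -list /Users UniqueID | human_accounts_csv)
    if [ -z "$names" ]; then
        echo "no non-system users found in $node" >&2
        return 1
    fi
    # Directory records are sensitive, so keep the export owner-only.
    # The umask set in the subshell is inherited by dsexport.
    (
        umask 077
        dsexport "$out" "$node" dsRecTypeStandard:Users -r "$names"
    ) || return 1
    chmod 600 "$out"
}

# Run only when called with both arguments, for example:
#   ./export-users.sh exportedUsers.out /LDAPv3/127.0.0.1
if [ "$#" -eq 2 ]; then
    export_human_users "$@"
fi
```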

Exporting Groups:

Here are a few examples of exporting group records.

1. To export all groups from the local directory to a file called “exportedGroups.out”

dsexport exportedGroups.out /Local/Default dsRecTypeStandard:Groups

2. To export just the admin and staff group from the OpenDirectory LDAP node to a file called “exportedGroups.out”

dsexport   exportedGroups.out   /LDAPv3/127.0.0.1  dsRecTypeStandard:Groups -r admin,staff

Importing:

Once you have generated these files, you can then import them back into a new / replacement server if required.

  • You can use the Server app and import the file using the GUI
  • Or you can use the dsimport command line tool.

In its basic form, dsimport just requires:

  • The path to the text file you wish to import
  • The path to the directory node you wish to import into

As well as these basic two arguments, we also have some nice options to handle conflicts:

  • O – Overwrite any records that have the same IDs
  • M – Merge import data with existing records, or create the record if it does not exist
  • I – Ignore records that have conflicting IDs

So to reimport our file, but ignore records that already exist we could use:

dsimport exportedUsers.out /LDAPv3/127.0.0.1  I

Thanks for reading, I hope that this blog is of some use.

Changes to CCK 2 usage with Firefox 35

UPDATE 18/04/15: Added a line regarding the “cck2.cfg” file that I missed!

Hello again. Apologies in advance for another blog on Firefox but with a combination of frequent updates and Mozilla (again) changing where the files need to be placed to use CCK, I felt it was needed.

*Sigh* Firefox is starting to feel like Adobe Flash Player… [/personal whine]. To take full advantage of this blog, please open this page in another tab too.

Introduction

Firefox Version: 35.0.0
CCK Version: 2.0.9
Date written: 15/01/15

The first of the latest changes was actually with version 34, where the Mozilla developers changed where the “/Defaults/Firefox/Contents/Resources/defaults/pref” files go. These were shifted to “./Firefox.app/Contents/Resources/” instead of “./Firefox.app/Contents/MacOS/”.

With the latest version (v35), now ALL of the CCK produced files need to go into this new location.

First: Credit where credit is due

Previously, I’ve had to discover the majority of this information through trial and error and a lot of Googling, hence my effort to document my findings. However, at the start of December I found I wasn’t alone! A thread on JAMF Nation started by Tim Arnold documented the changes to CCK use with Firefox version 34.

Following on from this, a number of others contributed to show their own methods and information for CCK 2 usage, including that for Firefox version 35 once released.

It is from this forum thread the vast majority of the information below has been obtained.

So…what’s new?

Right, to prepare Firefox v35 for deployment, firstly I recommend following my previous blog “Locking down Firefox with CCK 2” until step 47.

Here, replace step 47 with:

Navigate to the “Contents” > “Resources” folder within the bundle.

Ensure to copy the “cck2.cfg” file from your autoconfig.zip into this location, then continue the guide.

This new location will have all of the usual files previously located in “Contents” > “MacOS”. Once here, dump / install the CCK 2 files as directed in the remainder of the previous post. It should result in something like the below screenshot (depending on the lock downs you’ve configured):

change to cck2 firefox 35

Testing

Summary

Thanks for taking the time to read my latest in a line of never ending Firefox posts! : P

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

Creating your first boot script

Why create a first boot script?

Anyone who is using the modular deployment technique will have hit the first stumbling block very early on. If you’re deploying an unbooted, unconfigured OS, how do you get it past the Apple setup assistant? After getting past this hurdle, lots of other questions start cropping up like “how do I get the Mac localised for my geographical region?” and “how do I add a local admin account?”

There are a bunch of different approaches people are using but the most popular by far is a first boot script. This is a script that is set to run on first boot, after the OS has been deployed / installed, that sets up all of these extra items so the Mac is ready for use.

Why should I build my own and not just use one I find on the Internet?

There are lots of good sources of example first boot scripts shared by the community and as long as you trust the source there is nothing wrong with using what you find. The goal of this blog is to demystify some of the first boot script contents and help you to learn how to create your own, or at the very least, understand the code that is included in others.

What language should you use for the script?

Technically speaking, any language that the Mac can understand would be OK. I generally use bash as it has most of the commands I need already built-in.

Most of the examples I’ve seen posted by other Mac admins have been in bash so although you could go for perl, python or something else, you may find getting help with tricky problems a bit of a challenge (I’m sure some perl and python masters out there will strongly disagree but this is just my opinion!)

What should I use to write the script?

You need a simple text editor for this task. I would avoid applications like TextEdit and definitely stay away from Word or other word processing apps. I have used Fraise for quite a few years and have recently started using Sublime Text. Other good options are Text Wrangler and BBEdit. In addition to these being basic text editors, they color code your text really nicely so you can see what’s a variable, a string, a comment etc.

User Template and Existing Users

There are quite a few settings that are per-user. This means that some settings are stored in a preference file in each user’s home folder (i.e. /Users/dave/Library/Preferences/co.uk.amsys.mygreatsetting.plist, rather than /Library/Preferences/co.uk.amsys.mygreatsetting.plist).

As a lot of you will already know, home folders are (by default) stored in /Users and when a new user logs in, the home folder is created from the template in /System/Library/User Template. There are a few different techniques people like to use to get their custom settings into the user’s home Library:

  • Use a LaunchAgent to write in the setting during login - This is a newer technique and it involves adding the settings to a script that will run at login, rather than as a first boot item. I have to say that I’m not a fan of this method, mainly because of its inconsistency. There is a lot going on at login and in the past I have had mixed results trying to configure user level settings quickly enough for them to always apply for every user at every login.
  • Write the data into the user template - This is my current preferred method.  Run the commands as part of the first boot script straight into the user template folders.  Any new users will then get these settings by default.

If you do use the user template method, you may need to write the data into any pre-existing home folders (for any users that logged in before you made the change).  In theory, if you have just deployed the Mac, there shouldn’t be any, but it is worth including the code so you can also use it on machines that have been in use for a while. 

My method for this is to loop through any folders found in /Users (as documented here). 

Some people have commented that it is better to read the value from the directory service. That would also work, although it would pick up all of the system users, which would then need excluding. My personal preference is to just go for what’s in /Users. (If I put the homes in a non-standard location, I can easily change the path for that particular environment.)

I wanted to include this explanation regarding users and preferences in home folders so it adds some context around the code included in this blog. There’s no particular right or wrong way really, so go for whichever method you prefer, as long as you get to where you need to be.

Commands Used

In my first boot scripts, the main commands I’m using are:

  • /usr/sbin/sysadminctl - Available in 10.10.x, used to add local accounts
  • /usr/sbin/systemsetup - Used to set NTP servers, time zones and other clock options (and lots of other things)
  • /usr/libexec/PlistBuddy - Used for reading and writing data into xml arrays
  • /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart – ARD command-line tool
  • /usr/bin/defaults – Used to read and write xml keys in plist files
  • /usr/sbin/spctl - For switching Gatekeeper on and off

Other Unix Features

  • Functions – Used to simplify the repetition of chunks of code
  • Loops – Used to repeat code based on pre-defined criteria (in this case the contents of folders)

A Quick Note About The Loops Used in The Example Script

You will notice in our example that we run very similar loops over and over again.  This isn’t necessarily the most efficient use of the code, which could be shorter.  The main reason for laying it out this way is to make each section of the script self-contained. 

This will enable you to chop out specific sections that interest you.  In reality, when we are writing a series of commands into the user template folder and existing user home folders, we would run them all in a single loop.  In this example we didn’t want you to have to find the bits you need hidden amongst other lines of unrelated code.

First boot script, step-by-step

Creating a local admin account

There are a couple of ways you can go about creating a local admin user.  One of my favorites for the past year or two has been CreateUserPkg.  This app lets you specify the account details and will generate a pkg from the resulting code that you can include in your deployment workflow.  Prior to this I was running a series of unfriendly dscl commands so this was much easier.

Since 10.10, a new command-line binary has been included called sysadminctl.  This binary lets you create and manage local user accounts.  In my 10.10 first boot script I just include a line like this:

sysadminctl -addUser localadmin -fullName "Local Admin" -UID 499 -password "apassword" -home /var/localadmin -admin

As this is a new command, here is the step-by-step breakdown:

  • Specifying the unix command to run: sysadminctl
  • Telling it I want to add a user account with the name “localadmin”: -addUser localadmin
  • Telling the command that I want the fullname to be “Local Admin”: -fullName "Local Admin"
  • Setting the UID to 499 (classed as a system account below 500): -UID 499
  • Setting a password: -password "apassword"
  • Specifying the home folder location (in a hidden directory): -home /var/localadmin
  • Specifying that I want the account to be an admin: -admin

Setting time zone and time server

There are a few different steps needed to get the time configured. For each of these commands we are using the systemsetup command line tool.  systemsetup can configure all sorts of things like sleep settings, the time, and the computer name. To see all of its options use systemsetup -help.

For our first boot script, first we need to set the time zone:

/usr/sbin/systemsetup -settimezone "Europe/London"

You can use systemsetup -listtimezones to get a full list of the available time zones.

Next I set the Mac to use a time server.  This isn’t specifying the actual time server (that’s in the next command), but rather it’s just saying “use a time server”:

/usr/sbin/systemsetup -setusingnetworktime on

Finally I tell the Mac which time server to use:

/usr/sbin/systemsetup -setnetworktimeserver "ntp.amsys.co.uk"

If you’re not sure which time server to use, you can always set it to your AD domain controller (if you have one) as they are configured to be time servers by default.

Region, keyboard and language

There are three separate elements we have to work on:

  • The keyboard layout
  • The language
  • The region (for the default currency etc.)

In this example I’ll be setting the Mac to use the British keyboard layout, en language and en_GB region.

The Keyboard Layout

This first part (in fact all three parts of the localization settings) requires the use of plistbuddy.  This is because the data is stored in arrays.  While it might be possible with the defaults command, plistbuddy is the right tool for the job.

This part of the script is broken into two parts. First we create the function that will perform the actual task:

 
PLBUDDY=/usr/libexec/PlistBuddy
NAME="British"
LAYOUT="2"
 
update_kdb_layout() {
  ${PLBUDDY} -c "Delete :AppleCurrentKeyboardLayoutInputSourceID" "${1}" &>/dev/null
  if [ ${?} -eq 0 ]
  then
    ${PLBUDDY} -c "Add :AppleCurrentKeyboardLayoutInputSourceID string com.apple.keylayout.${NAME}" "${1}"
  fi
 
  for SOURCE in AppleDefaultAsciiInputSource AppleCurrentAsciiInputSource \
    AppleCurrentInputSource AppleEnabledInputSources AppleSelectedInputSources
  do
    ${PLBUDDY} -c "Delete :${SOURCE}" "${1}" &>/dev/null
    if [ ${?} -eq 0 ]
    then
      ${PLBUDDY} -c "Add :${SOURCE} array" "${1}"
      ${PLBUDDY} -c "Add :${SOURCE}:0 dict" "${1}"
      ${PLBUDDY} -c "Add :${SOURCE}:0:InputSourceKind string 'Keyboard Layout'" "${1}"
      ${PLBUDDY} -c "Add :${SOURCE}:0:KeyboardLayout\ ID integer ${LAYOUT}" "${1}"
      ${PLBUDDY} -c "Add :${SOURCE}:0:KeyboardLayout\ Name string '${NAME}'" "${1}"
    fi
  done
}

This function deletes the current keyboard layout entries and, for each entry that was present, adds the new values in its place.

Next we set the keyboard layout in /Library/Preferences and in each user’s home directory. The setting is stored in the com.apple.HIToolbox.plist file.

update_kdb_layout "/Library/Preferences/com.apple.HIToolbox.plist" "${NAME}" "${LAYOUT}"
 
# USER_HOME rather than HOME, so the shell's own HOME variable is left alone
for USER_HOME in /Users/*
  do
    if [ -d "${USER_HOME}"/Library/Preferences ]
    then
      cd "${USER_HOME}"/Library/Preferences
      HITOOLBOX_FILES=`find . -name "com.apple.HIToolbox.*plist"`
      for HITOOLBOX_FILE in ${HITOOLBOX_FILES}
      do
        update_kdb_layout "${HITOOLBOX_FILE}" "${NAME}" "${LAYOUT}"
      done
    fi
done

Setting the OS language

Similar to the keyboard layout, we create a function to set the language:

# Named OS_LANG so the shell's own LANG locale variable is left alone
OS_LANG="en"
 
update_language() {
  ${PLBUDDY} -c "Delete :AppleLanguages" "${1}" &>/dev/null
  if [ ${?} -eq 0 ]
  then
    ${PLBUDDY} -c "Add :AppleLanguages array" "${1}"
    ${PLBUDDY} -c "Add :AppleLanguages:0 string '${OS_LANG}'" "${1}"
  fi
}

Then we use a loop to write the value into /Library/Preferences and each user’s home folder. The language setting is stored in the .GlobalPreferences.plist file.

update_language "/Library/Preferences/.GlobalPreferences.plist" "${OS_LANG}"
 
# USER_HOME rather than HOME, so the shell's own HOME variable is left alone
for USER_HOME in /Users/*
  do
    if [ -d "${USER_HOME}"/Library/Preferences ]
    then
      cd "${USER_HOME}"/Library/Preferences
      GLOBALPREFERENCES_FILES=`find . -name "\.GlobalPreferences.*plist"`
      for GLOBALPREFERENCES_FILE in ${GLOBALPREFERENCES_FILES}
      do
        update_language "${GLOBALPREFERENCES_FILE}" "${OS_LANG}"
      done
    fi
done

Setting the region

Finally we need to set the region (for default currency and a few other values).

As before, it’s another function:

REGION="en_GB"
 
update_region() {
  ${PLBUDDY} -c "Delete :AppleLocale" "${1}" &>/dev/null
  ${PLBUDDY} -c "Add :AppleLocale string ${REGION}" "${1}" &>/dev/null
  ${PLBUDDY} -c "Delete :Country" "${1}" &>/dev/null
  ${PLBUDDY} -c "Add :Country string ${REGION:3:2}" "${1}" &>/dev/null
}

Followed by a script to set the values in /Library/Preferences and each user’s home:

update_region "/Library/Preferences/.GlobalPreferences.plist" "${REGION}"
 
# USER_HOME rather than HOME, so the shell's own HOME variable is left alone
for USER_HOME in /Users/*
  do
    if [ -d "${USER_HOME}"/Library/Preferences ]
    then
      cd "${USER_HOME}"/Library/Preferences
      GLOBALPREFERENCES_FILES=`find . -name "\.GlobalPreferences.*plist"`
      for GLOBALPREFERENCES_FILE in ${GLOBALPREFERENCES_FILES}
      do
        update_region "${GLOBALPREFERENCES_FILE}" "${REGION}"
      done
    fi
done

Apple Remote Desktop

Apple Remote Desktop has a number of options available that can be configured via a first boot script. The command-line tool is buried in the System Library so it is worth setting its location to a variable to make the other commands a bit more readable:

ARD="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"

First off we will need to switch ARD on:

$ARD -configure -activate

Next we need to lock the service down to specific users and decide what they can and can’t do.

$ARD -configure -access -on
$ARD -configure -allowAccessFor -specifiedUsers
$ARD -configure -access -on -users localadmin -privs -all

These options enable access for the Mac’s local accounts, ensure that only the specified users can get access, and then set specific options for the localadmin account.

The -privs -all tells ARD that localadmin is allowed to use all of the sub-options available in ARD. Other options for -privs include:

-none
-DeleteFiles                                                                     
-ControlObserve                                                                 
-TextMessages                                                                   
-ShowObserve                                                                     
-OpenQuitApps                                                                    
-GenerateReports                                                                 
-RestartShutDown                                                                 
-SendFiles                                                                            
-ChangeSettings                                                                  
-ObserveOnly    
-mask <mask>

It is important to ensure that ARD can only be used by specified users. This is due to a security loophole with the “all users” option. When ARD is set to allow all users, this includes all users in any directory the target Mac is bound to. In the ARD app, you can send Unix commands as the root user. If all users are allowed to use ARD, this means that a non-admin domain user could send root commands to the Mac.

There are a lot more options available in the kickstart binary. Use the -help option to see the full list.

Tip: Make sure you include the ARD code AFTER creating the local admin user account (it can’t give access to a user that doesn’t exist).

Enabling SSH access

Either in addition to, or instead of ARD, you can enable SSH access with the following command:

systemsetup -setremotelogin on

Setting up the Login Window

There are a few options we normally configure for the Login Window.

First off we like to set it to username and password text fields rather than displaying a list of local users. This can be set with a one-line command:

/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true

The second change is to allow admin host information to be visible. When this is enabled, you can click the hostname in the top right corner of the screen to get other information such as the Mac’s IP address:

/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName

Finally, we disable External Accounts at the Login Window. External Accounts is a feature introduced with an earlier version of Mac OS X (I can’t remember exactly which one but it was around 10.5) that allows you to store a user account and its home folder on an external drive. When you plug in the drive (after entering admin account details), the user can log in with the external account.

This isn’t a feature we want enabled so we disable it with the following command:

/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow EnableExternalAccounts -bool false

Disable iCloud Setup at login

The next alteration is to stop the iCloud setup screen appearing when users log in to the Mac. This is particularly useful in education environments as the students would not normally (certainly in shared device setups) need to log in with an iCloud account.

This setting has always been a little tricky to configure as it changes depending on the OS version of the Mac. Thanks to Rich Trouton’s code, the following information can be written into the com.apple.SetupAssistant.plist file in each user’s home folder:

First we get the OS version and save the info into a variable:

osvers=$(sw_vers -productVersion | awk -F. '{print $2}')
sw_vers=$(sw_vers -productVersion)
# Build number, used below for LastSeenBuddyBuildVersion
sw_build=$(sw_vers -buildVersion)

Next we write the value into the files in the user template:

for USER_TEMPLATE in "/System/Library/User Template"/*
	do
		/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
		/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
		/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}"
		/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenBuddyBuildVersion "${sw_build}"
	done

Finally we write the value into any existing user home folders in /Users:

for USER_HOME in /Users/*
	do
		USER_UID=`basename "${USER_HOME}"`
		if [ ! "${USER_UID}" = "Shared" ]
		then
			if [ ! -d "${USER_HOME}"/Library/Preferences ]
			then
				mkdir -p "${USER_HOME}"/Library/Preferences
				chown "${USER_UID}" "${USER_HOME}"/Library
				chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
			fi
			if [ -d "${USER_HOME}"/Library/Preferences ]
			then
				/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
				/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
				/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}"
				/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant LastSeenBuddyBuildVersion "${sw_build}"
				chown "${USER_UID}" "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant.plist
			fi
		fi
	done

Disable diagnostics at login

A second prompt that OS X has started offering at login is whether the user would like to submit diagnostic information. In a lot of our setups this isn’t something we want to ask the user so we disable it using a similar method to iCloud, although in this case we are back to plistbuddy as the information is stored in an array:

We normally use two variables for submitting info to Apple and to developers. This is just to make it easy to toggle them on and off as needed:

SUBMIT_TO_APPLE=NO
SUBMIT_TO_APP_DEVELOPERS=NO

Then the main body of the script:

PlistBuddy="/usr/libexec/PlistBuddy"
os_rev_major=`/usr/bin/sw_vers -productVersion | awk -F "." '{ print $2 }'`
if [ $os_rev_major -ge 10 ]; then
  CRASHREPORTER_SUPPORT="/Library/Application Support/CrashReporter"
  CRASHREPORTER_DIAG_PLIST="${CRASHREPORTER_SUPPORT}/DiagnosticMessagesHistory.plist"
 
  if [ ! -d "${CRASHREPORTER_SUPPORT}" ]; then
    mkdir "${CRASHREPORTER_SUPPORT}"
    chmod 775 "${CRASHREPORTER_SUPPORT}"
    chown root:admin "${CRASHREPORTER_SUPPORT}"
  fi
 
  for key in AutoSubmit AutoSubmitVersion ThirdPartyDataSubmit ThirdPartyDataSubmitVersion; do
    $PlistBuddy -c "Delete :$key" "${CRASHREPORTER_DIAG_PLIST}" 2> /dev/null
  done
 
  $PlistBuddy -c "Add :AutoSubmit bool ${SUBMIT_TO_APPLE}" "${CRASHREPORTER_DIAG_PLIST}"
  $PlistBuddy -c "Add :AutoSubmitVersion integer 4" "${CRASHREPORTER_DIAG_PLIST}"
  $PlistBuddy -c "Add :ThirdPartyDataSubmit bool ${SUBMIT_TO_APP_DEVELOPERS}" "${CRASHREPORTER_DIAG_PLIST}"
  $PlistBuddy -c "Add :ThirdPartyDataSubmitVersion integer 4" "${CRASHREPORTER_DIAG_PLIST}"
fi

Disable Time Machine Popups Offering for New Disks

When you plug in an external drive to a Mac, it will automatically offer to use it as a Time Machine destination. While most users would know which option to select, it is often not worth the risk. You can disable Time Machine offering new disks for backup with the following command:

/usr/bin/defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true

Turn off Gatekeeper

This is possibly a questionable command from a security perspective. Personally I like to keep Gatekeeper in its strictest setting, as I can manually allow new apps if needed. In some situations however you may want to disable Gatekeeper so that your install PKGs and other apps can run without warning messages. To configure this setting use the following command:

spctl --master-disable

This is only advisable if you have good control over who can run and install what on the Macs. If your users are admins, or if they use the Macs on unfiltered Internet connections, this might not be such a good idea.

For more information about Gatekeeper, take a look at these previous blogs:

Turn on right-click

We often get requests to enable right-click by default. This is another one that needs to be set in the user template for any new users and the existing home folders for any users that have already logged in:

To add the setting to the user template:

for USER_TEMPLATE in "/System/Library/User Template"/*
	do
		/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.driver.AppleHIDMouse Button2 -int 2
		/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.mouse MouseButtonMode -string TwoButton
		/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.trackpad TrackpadRightClick -int 1
done

To add it to existing user home folders:

for USER_HOME in /Users/*
	do
		USER_UID=`basename "${USER_HOME}"`
		if [ ! "${USER_UID}" = "Shared" ]
		then
			if [ ! -d "${USER_HOME}"/Library/Preferences ]
			then
				mkdir -p "${USER_HOME}"/Library/Preferences
				chown "${USER_UID}" "${USER_HOME}"/Library
				chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
			fi
			if [ -d "${USER_HOME}"/Library/Preferences ]
			then
				killall -u "${USER_UID}" cfprefsd
				/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.driver.AppleHIDMouse Button2 -int 2
				/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.mouse MouseButtonMode -string TwoButton
				/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.trackpad TrackpadRightClick -int 1
			fi
		fi
done

Turn off restore windows

If you don’t want application windows to automatically re-open when apps are re-launched, you can use the following script:

for USER_TEMPLATE in "/System/Library/User Template"/*
	do
		/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/.GlobalPreferences NSQuitAlwaysKeepsWindows -boolean FALSE
done

To add it to existing user home folders:

for USER_HOME in /Users/*
	do
		USER_UID=`basename "${USER_HOME}"`
		if [ ! "${USER_UID}" = "Shared" ]
		then
			if [ ! -d "${USER_HOME}"/Library/Preferences ]
			then
				mkdir -p "${USER_HOME}"/Library/Preferences
				chown "${USER_UID}" "${USER_HOME}"/Library
				chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
			fi
			if [ -d "${USER_HOME}"/Library/Preferences ]
			then
				killall -u "${USER_UID}" cfprefsd
				/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/.GlobalPreferences NSQuitAlwaysKeepsWindows -boolean FALSE
			fi
		fi
done

Stop writing .DS_Store files on the network

This is one for the Windows admins. To stop the Mac clients leaving a trail of .DS_Store files on network drives, use the following:

for USER_TEMPLATE in "/System/Library/User Template"/*
	do
	/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/.GlobalPreferences DSDontWriteNetworkStores -bool TRUE
done

To add it to existing user home folders:

for USER_HOME in /Users/*
	do
		USER_UID=`basename "${USER_HOME}"`
		if [ ! "${USER_UID}" = "Shared" ] 
		then 
			if [ ! -d "${USER_HOME}"/Library/Preferences ]
			then
			mkdir -p "${USER_HOME}"/Library/Preferences
			chown "${USER_UID}" "${USER_HOME}"/Library
			chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
			fi
			if [ -d "${USER_HOME}"/Library/Preferences ]
			then
			killall -u $USER_UID cfprefsd
			/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/.GlobalPreferences DSDontWriteNetworkStores -bool TRUE
			fi
		fi
done

Set the User’s Homepage

Safari home pages can be set in various ways. I have often included this in first run scripts so I can be sure that new windows and tabs are behaving just as I need them:

HOMEPAGE="www.amsys.co.uk"
 
for USER_TEMPLATE in "/System/Library/User Template"/*
	do
	/usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.Safari.plist HomePage -string "$HOMEPAGE"
    /usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.Safari.plist NewTabBehavior -integer 0
    /usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.Safari.plist NewWindowBehavior -integer 0
done
 
# Existing users
killall cfprefsd
for USER_HOME in /Users/*
	do
		USER_UID=`basename "${USER_HOME}"`
		if [ ! "${USER_UID}" = "Shared" ] 
		then 
			if [ ! -d "${USER_HOME}"/Library/Preferences ]
			then
			mkdir -p "${USER_HOME}"/Library/Preferences
			chown "${USER_UID}" "${USER_HOME}"/Library
			chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
			fi
			if [ -d "${USER_HOME}"/Library/Preferences ]
			then
				echo "Working on home folder preference file: ${USER_HOME}/Library/Preferences/com.apple.Safari.plist"
				mv "${USER_HOME}"/Library/Preferences/com.apple.Safari.plist "${USER_HOME}"/Library/Preferences/com.apple.Safari.plist_bak
				/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.Safari.plist HomePage -string "$HOMEPAGE"
    			/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.Safari.plist NewTabBehavior -integer 0
    			/usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.Safari.plist NewWindowBehavior -integer 0
    			chown $USER_UID "${USER_HOME}"/Library/Preferences/com.apple.Safari.plist
			fi
		fi
done

The numbers after the -integer option refer to specific settings accepted by the Safari preference file:

0 – Homepage
1 – Empty Page
2 – Same Page
4 – Top Sites
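
The note about loops near the top of this post says the per-user writes would normally share a single loop. The script below is an added example of that shape, not the author's script: it applies four of the settings above in one pass and, because it runs as root inside folders that users can write to, skips any home, Library folder, Preferences folder or plist that is a symlink. The names TEMPLATE_ROOT, USERS_ROOT, PREF_WRITER, PREF_CHOWN and the four function names are assumptions made for the example.

```shell
#!/bin/bash
# Added example, not the article's script. Hypothetical names: TEMPLATE_ROOT,
# USERS_ROOT, PREF_WRITER, PREF_CHOWN and the four functions below.

TEMPLATE_ROOT="${TEMPLATE_ROOT:-/System/Library/User Template}"
USERS_ROOT="${USERS_ROOT:-/Users}"
PREF_WRITER="${PREF_WRITER:-/usr/bin/defaults}"   # swap in a stub to test
PREF_CHOWN="${PREF_CHOWN:-/usr/sbin/chown}"

# Print <home>/Library/Preferences, creating missing folders on the way.
# Returns 1 if any component is a symlink: the script runs as root, so a link
# planted inside a home would otherwise redirect the write and the chown.
safe_pref_dir() {
  local home="$1"
  local owner="$2"
  local part
  for part in "${home}" "${home}/Library" "${home}/Library/Preferences"; do
    if [ -L "${part}" ]; then
      echo "skipping ${home}: ${part} is a symlink" >&2
      return 1
    fi
    if [ ! -d "${part}" ]; then
      mkdir "${part}" || return 1
      if [ -n "${owner}" ]; then
        "${PREF_CHOWN}" "${owner}" "${part}" || return 1
      fi
    fi
  done
  printf '%s\n' "${home}/Library/Preferences"
}

# Write one key with the article's `defaults write` form, then give the plist
# back to its owner (homes only; template files stay root-owned).
write_pref() {
  local prefs="$1"
  local owner="$2"
  local domain="$3"
  shift 3
  if [ -L "${prefs}/${domain}.plist" ]; then
    echo "skipping ${prefs}/${domain}.plist: symlink" >&2
    return 0
  fi
  "${PREF_WRITER}" write "${prefs}/${domain}" "$@" || return 1
  if [ -n "${owner}" ] && [ -e "${prefs}/${domain}.plist" ]; then
    "${PREF_CHOWN}" "${owner}" "${prefs}/${domain}.plist" || return 1
  fi
  return 0
}

# Keys and values are the ones the article sets in its separate loops.
write_user_prefs() {
  local prefs="$1"
  local owner="$2"
  write_pref "${prefs}" "${owner}" .GlobalPreferences DSDontWriteNetworkStores -bool TRUE &&
  write_pref "${prefs}" "${owner}" .GlobalPreferences NSQuitAlwaysKeepsWindows -boolean FALSE &&
  write_pref "${prefs}" "${owner}" com.apple.driver.AppleHIDMouse Button2 -int 2 &&
  write_pref "${prefs}" "${owner}" com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
}

# One pass over the user template and every home except Shared.
# Prints how many preference folders were updated.
apply_all_user_prefs() {
  local dir prefs owner
  local count=0
  for dir in "${TEMPLATE_ROOT}"/* "${USERS_ROOT}"/*; do
    if [ ! -d "${dir}" ]; then continue; fi
    owner=""
    case "${dir}" in
      # As in the article: the home folder name is taken to be the short name
      "${USERS_ROOT}"/*) owner="$(basename "${dir}")" ;;
    esac
    if [ "${owner}" = "Shared" ]; then continue; fi
    prefs="$(safe_pref_dir "${dir}" "${owner}")" || continue
    write_user_prefs "${prefs}" "${owner}" || continue
    count=$((count + 1))
  done
  echo "${count}"
}

# Apply only when asked to, so the functions can be loaded without side effects.
if [ "${1:-}" = "--apply" ]; then
  apply_all_user_prefs
fi
```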

Example Completed Script

If you would like to test out a completed version of this script you can find it on our GitHub page.

Read “Creating Config Profiles instead of a First Boot Script” next

Getting the LDAP distinguished name for an AD user

Sometimes when I’m integrating Macs (and other systems) with Active Directory they ask for the full LDAP distinguished name of the user I’m using to authenticate. This is the user name in the traditional LDAP format:

cn=username,ou=something,DC=amsys,DC=com (for example).

In some cases, if it’s a fairly vanilla and small AD install you can take an educated guess from the domain name and the name of the user. In other cases, if the AD structure is quite complex you need to know exactly what it is. Here is my quick method for grabbing the information.

Using a Windows computer (doesn’t matter whether it is a server or a client), open the Computer Management Console by selecting Start > Run, typing computermgmt.msc and hitting return.

Expand Users & Groups, select groups and open the properties screen for one of the groups.

In the Properties window, click Add.


In the Select Users window, click Advanced.

In the Select Users window, search for the admin user name and select to show the X500 name in the attributes to display (which is the full distinguished name).

That’s it. The search will return the full distinguished name.

OS X Yosemite certified courses arrive at Amsys

Happy New Year! I hope that you had a wonderful break, are fully rested and ready to embrace what 2015 has to offer!

Just before Christmas, Mandy and I scheduled our very first set of 10.10 Apple Certified course dates, the first of which can be found below.

Call 0208 645 5806 or email training@amsys.co.uk for more information.

Look forward to seeing you on a course soon!


Amsys’ First OS X Yosemite Certified Course Dates 

 

OS X Support Essentials 10.10

Learn how to support and troubleshoot Mac devices running Apple’s latest OS X, Yosemite. This 3 day certified course will teach you the key skills needed to successfully troubleshoot 10.10 for your users.
Plus, take and pass the exam to receive your ACSP!

 

 

OS X Server Essentials 10.10

This 3 day certified course will teach you how to integrate and administer OS X Yosemite server. Take this course to achieve 10.10 ACTC status. The highest certification that Apple awards!

 

 

Mac Integration Basics 10.10

This course has been created for techs who are responsible for introducing a Mac device(s) into a small business environment that’s predominantly Windows-based. The course to take to learn how to integrate Mac(s)!

 

 

Mac Management Basics 10.10

Do you have a collection of Macs that need to be configured and managed, but don’t know where to start? Do you know what’s involved and how to ensure you can keep your Mac estate up to date?
If not, then attend the Mac Management Basics course.

 

 

Swift London – 1 Hr Beginner Workshop


Founded on 5th of June 2014, the meet up group, Swift London has grown into a collaborative community of beginner and advanced developers, eager to learn more about the Swift programming language.

Over the last 6 months, the group has held a series of events, alternating between talks and hands-on sessions, culminating in their brilliant Christmas Party, whereby developers from across the UK showcased their experiences with Swift.

This month, we’re delighted to announce that Amsys will be co-hosting Swift London’s first Swift for Beginners workshop on the 19th of January.

When: 19th January 2015 (18:30 – 20:30)
Where: London

// Please register now if you want to attend as this event will be fully booked within the next 24 hours. //

Best Practices in 2015: Modular Deployment & Patch Management

Whether you have already deployed Macs in your organisation or you are trying to work out how to do it, one of our recommendations is to adopt a solid deployment and patch management approach from the start.

This topic breaks into a number of smaller methodologies described in one of our earlier blogs.

When you are starting to look at refining your deployment processes, there are a few things to take into account:

  • To get the Macs initially set up and usable you will need the ability to deploy your line of business apps
  • You will need to be able to patch these line of business apps and other parts of the system

It is worth pointing out that the time or money invested in improving these systems is often relative to the size of organization.  If you are a startup with 1 or 2 employees you probably aren’t going to rush into setting up a deployment system, but as your business grows, the time lost manually setting up machines and the risks associated with not patching them will grow.

Deploying line of business apps

The first recommendation is to set up a system that can deploy apps from a central point to each of your organisation’s Macs.  There are lots of different tools available and setting one up will mean you don’t have to touch each computer when you want to deploy new apps.

The key idea is to add the app installers to the deployment server and then “enroll” each computer so they can receive the packages.  You can then choose whether the deployment happens automatically or if they are presented to the user in a self service interface.

What tools can you use?

There are lots of options on the server side to accomplish this including Munki, Casper, Bushel, Absolute Manage & FileWave to name a few.  Our preference is either Munki or the Casper Suite.

The choice of one over the other will depend on budget, and the technical level of the operator (Casper has a slightly easier learning curve and being a commercial product, is backed by a thorough training programme).

For both of these tools and other programmes, the basic concept involves packaging each of your apps, adding them to the server and then configuring them to be deployed to the Macs.    The level of difficulty will really depend on the app you are packaging.

In some cases, if you don’t need any customisations made to the app, you can just drop in the installer straight from the vendor.  In other cases, strange licensing / activation processes, per user customisations and additional settings can make the packaging more complex.

A Note About The Mac App Store

Getting apps from the Mac App Store is a little different.  Many of you will have used the App Store to purchase individual apps and while you can still do that with your business computers, it can be more efficient to sign-up for a VPP account from Apple and use a deployment tool.

There are two methods we have been using recently to get the apps from the app store and onto the Macs.  The first is to re-package the app into an Apple installer file and distribute with a deployment server like Munki or Casper.

The main benefit is a zero-touch process for the end-users.  You can silently push the apps to the devices without user interaction, removing the need to manually configure each machine.  The downside is that updates for these apps are tied to the original Apple ID so you will need to look after the patching as well.

The second app store technique involves the Casper Suite from JAMF Software.  They have a neat feature that allows you to deploy Mac App Store apps in their self service portal.

The process is much easier than repackaging, although it does require a little more user interaction.  It has the added benefit of presenting all available apps (including non-app store apps) to the user in a single interface.

Patching and software updates

A lot of people consider the ongoing patch management of Mac OS X and the deployed apps even more important than the initial deployment.  The logic could be a little off as without the core business apps the Macs aren’t really much use, but I would agree that just focusing on getting the apps out without considering how you will keep things up to date is a bad idea.

If you ignore all updates, as well as being vulnerable to all sorts of attacks, you are putting off the inevitable.  The task of updating just keeps growing until it becomes a major project.

The tools and techniques used for patching Mac OS X, and your business apps go hand in hand with the initial deployment, with a few additions.  The goal is to be able to deploy updates to the base OS and third party apps with the minimum of fuss.

For apps like Firefox, there is no delta installer; you will just be deploying the whole thing, in which case you would add it to your deployment server just as if you were deploying it for the first time (note: make sure you aren’t deleting user settings such as bookmarks in the process).

The same applies for lots of other delta updates like the Microsoft Office patches; the only difference is the requirement for the original program to be on the machine before the update is run.

For Apple updates, a traditional Software Update Server still works best.  You can set this up with a Mac running the server app, or if you are feeling more adventurous (or would rather run the service on non-apple hardware), you could use Reposado.

A Software Update Server lets you enable new updates to the base OS and Apple apps once you have tested them, which stops a potentially harmful update from disrupting the Macs.

The final option to streamline the patching process is to use AutoPKG.  This service lets you setup automatic workflows for a lot of your third party apps so the new versions can download and add themselves to your deployment system.  The project started out working with Munki but has been extended to also work with Casper (AutoPKGr).

It is important to note that if you set up this service to automatically download and deploy the updates, you are putting your trust in unknown parties.

We would recommend setting it up so that new updates go into a “quarantine” group and are only deployed to test machines.  If you are more security conscious, or are bound by strict security compliance regulations, AutoPKG may not be for you, in which case you would need to use a more manual process.

Read “Best Practices in 2015: Managing Settings in Mac OS X and iOS” next

If you are thinking about deploying a new fleet of Macs or iOS devices and require Apple consultancy or advice, please contact our expert team today. Call 0208 660 9999 or email support@amsys.co.uk.

Setting the Network Time Server from the Command Line

Hi All, here’s a short and sweet blog post to kick off the new year!

I often get asked about setting up NTP configurations on client devices in a better way than manually. You can do this from the command line simply enough:

NTPServer="time.euro.apple.com"
	/usr/sbin/systemsetup -setnetworktimeserver "$NTPServer"
	/usr/sbin/systemsetup -setusingnetworktime on

Swap the “time.euro.apple.com” with your desired NTP server and run the commands as root (using ‘sudo’ in front of them). The first command sets the NTP server address (viewable in the GUI in ‘System Preferences’ under ‘Date & Time’). The second command enables the use of the NTP.

Trick 1: Scripting

As this is a bash command, you can chuck it into a Bash / Shell script. Typically I will put this into a ‘first boot’ script to configure a device during imaging.

Trick 2: AD Domain

Another cool trick is if you’re in an AD domain scenario, you can usually set the domain as the NTP server rather than a specific NTP server and the client/s will use AD / DNS to find a specific NTP server!

E.g. if your NTP servers are ‘time1.example.com’ and ‘time2.example.com’, and your domain is ‘example.com’, set the NTP server to the ‘example.com’ address and it should find the NTP servers automatically.

Summary

There you go, short and sweet.

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

OS X Yosemite hidden feature series – Part 1

Since OS X Yosemite was released in October, I’ve been hunting around for those cheeky little Easter eggs that Apple like to sneak in. In this new series, I will be blogging about some of my favourites.

I was going to start this blog series in the new year, but then I decided it might be nice to release the first part as a Christmas treat!

So, to kick us off in Part 1, I thought I’d start with a couple of new features in the Finder and Dock, that is, the user interface in OS X Yosemite.

New Feature 1: Finder Dark mode

Yosemite has a new look, and it’s brighter and crisper than ever. For some people though, this may be too bright and crisp! So, Apple provided a ‘Dark Mode’.

Simply navigate to the General pane of System Preferences and tick the box next to ‘Use dark menu bar and Dock’:

Here is a ‘before’ snapshot showing the default menu bar and dock, notice how bright and white the menu bar and Dock are:

And now below is an ‘after’ snapshot showing the Dark Mode menu bar and Dock, notice the menu bar and Dock are now darker (black):

This ‘Dark Mode’ is ideal for anyone working in perhaps a professional photo or video environment.

New Feature 2: Batch rename files or folders in Finder


Have you ever had a bunch of files or folders and needed to rename them quickly and all in sequence? Yosemite makes this a breeze.

All you need to do is highlight all your files/folders, then control-click/right-click them and select ‘Rename items’ from the contextual menu that appears. Then just choose your choice from the drop down menu, select your criteria, click Rename and you’re all done!

Below is an example where I wish to rename 4 files in sequence:

Step 1: Select all the files in the Finder:

Step 2: Control-click/right-click the items and select ‘Rename items’ from the contextual menu that appears:

There is now a choice of 3 renaming options:

You can simply Replace Text in all items:

Add Text in all items:

Or use Format to reformat Text in all items:

Step 3: I have chosen to Format the text as follows:

This will rename each file in turn as ‘RussDoc’ and then add a sequential number starting from ‘1’.

Below is the result:

New Feature 3: Handoff

If you own more than one Apple device, let’s say an iPhone and an iMac, Yosemite and iOS 8 combined have a really nifty feature known as Handoff. It is technically 1 part of a feature known as Continuity.

So what is ‘Handoff’?

To quote Apple’s website:

“Say you start writing a report on your iMac, but you want to continue on your iPad as you head to your meeting. Or maybe you start writing an email on your iPhone, but you want to finish it on your Mac. Handoff makes it possible. When your Mac and iOS devices are near each other, they can automatically pass what you’re doing from one device to another.

An icon representing the last app you were using will appear on your second device — in the Dock on your Mac or on the Lock screen on your iOS device. Just click or swipe to pick up exactly where you left off without having to search for the file. Handoff works with Mail, Safari, Pages, Numbers, Keynote, Maps, Messages, Reminders, Calendar and Contacts. And app developers can easily build Handoff into their apps.”

Make sense?

So, let’s see it in action. I’ll be using an iPhone 5 running iOS 8.1.2 and an iMac running OS X Yosemite 10.10.1.

First of all, the requirements to use Handoff:

  • Sign into the same iCloud account on all your devices.
  • Turn on Bluetooth on all the devices you want to use. Make sure your devices are near each other.
  • Connect all your devices to the same Wi-Fi network.

Step 1: Go to the Settings App in iOS 8, choose ‘General’ and then ‘Handoff & Suggested Apps’ and ensure that ‘Handoff’ is enabled:

Step 2: On your Yosemite Mac, ensure that Handoff is enabled in General Preferences:

Step 3: Ensure both devices are logged into the same iCloud account, (iOS 8 = Settings App>iCloud, OS X Yosemite = System Preferences>iCloud), the same Wi-Fi network and have Bluetooth enabled.

Step 4: Start to compose a new email using the Mail app on your iPhone:

Step 5: Your phone should ‘notify’ your Mac in the far left of the Dock that there is an email that you can continue from your iPhone:

(You could also use OS X’s App switcher by using the Command-Tab keys to switch to an app with a Handoff icon).

Step 6: Select the Email icon at the far left of the Dock to open the email and continue:

Nice!

Let’s look at it the other way round, ‘Handing off’ from OS X to iOS.

Step 1: Using the rules from above, but this time start the email on your Mac, then the Lock screen of your iOS device will show the icon of the Handoff supported app in the lower left hand corner, (and yes, that is me in the racecar!):

Step 2: Swipe the Handoff app icon ‘UP’, (in this case the Mail icon), and unlock the device if it has a passcode. The email or whatever Handoff content there is, will load on the screen.

You can also go to the multitasking display in iOS (double-clicking the Home button on your iPhone, iPad, or iPod touch), swipe all the way from left to right to see that the Handoff app is the first icon in this list before the home screen, then tap the app:

New Feature 4: Quickly disconnect from a Wi-Fi network

I have often wanted to disconnect from a Wi-Fi network without having to turn Wi-Fi completely off. Before Yosemite, this couldn’t easily be done. Well, now you can!

In OS X Yosemite, once connected to a Wi-Fi network, simply option/alt click the Wi-Fi icon in the top right menu bar. You will now have an option to disconnect from the network listed underneath the name of the currently in-use Wi-Fi:

(If you are connecting to an iPhone/iPad using the Personal Hotspot feature of iOS, this feature is immediately available from the Wi-Fi menu without having to option/alt click).

I hope you have found this blog useful. There are many more features that I haven’t listed here, but these are 4 features that I have found people have not been aware of, or have not been able to use correctly, so I thought they would be good to blog.

Read part 2 here, which covers all the new and hidden features in Safari!

Apple has a good overview of the main new features of OS X Yosemite on their website should you wish to see what else is out there.

Also, if you would like to learn more about OS X Yosemite and iOS 8 we teach a large collection of OS X Mac and iOS support courses, which you may find useful.

Disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Calling all iOS Developers!

We are on the hunt for 2 experienced and enthusiastic iOS developers, 1 senior iOS developer and 1 web/database developer who are based in or are willing to relocate to Glasgow!

Who will you be working for?

You will be working for one of the leading facilities management companies in the UK; who are looking to expand their in-house iPad app development team to develop innovative apps for their large network of retail clients.

Who do you need to be to apply?

An experienced iOS app developer or web developer! We have 3 roles that we have been tasked with to recruit for, all of which are offering a substantial pay packet and benefits package:

iOS Developer

  • Minimum 5 years overall development experience including 2+ years coding for iOS devices in Objective-C/Cocoa/Xcode
  • A link to a working iOS application that you have created or worked on.
  • Commercial software product development experience -  not just internal or personal software apps.

Senior iOS Developer

  • You must have previous management experience
  • 6 years + overall development experience
  • Strong analytical and problem solving skills.

Web/Database Developer

  • Minimum 4 years Web Development/JSON Web service experience
  • Minimum 2 years commercial experience in ASP.NET MVC
  • Strong C# and SQL Skills

Amsys Advent Calendar Christmas Countdown

Kick off the festive season in style, and countdown the 12 days to Christmas with Amsys.

From tomorrow (12th December) we will be giving away an Apple themed gift or Amsys treat with every course that’s booked!

Your gift or treat can be redeemed by quoting the offer code that will be revealed each day by email. To join in with the festivities and to receive your 12 days of Christmas email – please add your email address to the field below.

Munki 2: Introduction

Hi all. I’ve been meaning to do this for the last few months. On 23rd September 2014, Greg Neagle released the official version 2.0 of the Munki solution.

Version 2 has brought a number of (good) changes and additional features to make the whole solution much prettier to the end user.

Firstly, the new requirements

New version means new requirements:

  • Munki 2 no longer supports Leopard (unlike Munki 1). This puts the client OS versions supported by Munki 2 at 10.6.x to 10.10.x.
  • Munki 1 does not officially support Yosemite. This puts the client OS versions supported by Munki 1 at 10.5.x to 10.9.x.

New features

The biggest change for Munki 2 has been the GUI application on the client devices.

Munki 1 made use of a locally installed client application called “Managed Software Update” and this was modeled on the current built-in Apple Software Update tool of the time.

However, Munki 2’s client application has been redesigned to have a similar look and feel to the modern-day software update system, the Mac App Store. With this new look comes a new name, ‘Managed Software Center’, and a new location in the main Applications folder.

This new look and feel will show the most benefit to the optional applications you may offer through your Munki solution, specifically, the ability to group applications by category and to provide more detailed information regarding each installation along with screenshots and icons!

This new solution also allows the customisation of the application (‘re-skinning’) to allow a number of branding options for your organisation.

Compatibility

The important question, what versions of Munki client and server work together? The answer (ignoring Mac OS X versions) is all!

The changes to the Munki server are purely some additional directories in the Munki Repo and some additional keys in the ‘pkgsinfo’ files. The interactions are as follows:

Munki 1 Server, Munki 1 Client

No change in behaviour.

Munki 2 Server, Munki 1 Client

Client will still use the older Managed Software Update tool. Any new items (keys) in the pkgsinfo files (such as path to icon, Categories, or Developer) will simply be ignored and the solution will function as before.

Munki 1 Server, Munki 2 Client

The Client will use the new App Store style application and will see any pkgsinfo files that are missing the keys as a blank value and use the default icons and settings (e.g. standard Apple installer icon and blank values for the others).

Munki 2 Server, Munki 2 Client

The Client will use the new App and the new features from the updated server.

Please Note: There will be no further releases for the Munki 1 tools and so any bugs that are found will not be fixed.

Looking ahead

As with the original Munki series, I’ve got a few blogs planned (time permitting!) At the risk of promising too much, I hope to cover:

  • Munki 2 Server setup / Munki 1 to Munki 2 Server upgrade
  • Munki 2 Client setup / Munki 1 to Munki 2 Client upgrade
  • Using Munki Admin with Munki 2
  • Updating your existing Munki Repo content for Munki 2

Ideally, these will be in my same ‘I assume you haven’t used Munki before and want an easy to follow, basic setup to build off’ style, please let me know if I go too much one way or another.

One more thing…

Around the same time, Greg moved the main storage of the Munki tools and wiki from Google Code to GitHub. New address is https://github.com/munki/munki

Summary

There you go again, a small introduction into Munki 2 and what has changed over Munki 1.

Any hints, tips or opinions? Let us know in the comments below and I’ll try to respond to as many as I can.

Read Part 2: Upgrading your Munki Repo & Administration Mac here.

Setup Facebook Messages With Apple Messages App

Facebook is one of the biggest and most popular social media networks in existence. Thousands of messages are sent via it on a daily basis. A Mac user can set up their Messages app so that it displays messages sent to them and allows them to reply without having a Facebook window open.

So, how do I setup Messages to work with Facebook?

With the ‘Messages’ app open select ‘Preferences’ from the ‘Messages’ menu

When the ‘Preferences’ window loads select the ‘Accounts’ tab

This will list all the accounts that are used by messages e.g. iCloud account that is linked with an iPhone.

Click the ‘+’ button in the bottom left corner.

This will open the add account screen, select the option to use a different account type.

From the drop down menu select the Jabber message protocol for the ‘Account Type’.

You need to use your Facebook user name with @chat.facebook.com for the account name.

To find out your Facebook username you need to go to facebook.com/username

Here is the full support article for finding/changing your Facebook username.

Once you have added the details for the account click the ‘Next’ button.

Once the account has been created you will be put back on the main screen of the messages app. From here, click the button to start a new conversation.

This will open the list of your friends allowing you to select whomever you wish to message.

Once you have selected a friend click in the message bar at the bottom of the window. Type your message and press the ‘return’ key to send the message.

A green message bubble shows that the message has been sent to the user. As long as the Messages app is running in the background when a message is sent to you, it will show a badge over the Messages app icon to indicate a new message.

4 “Mac in the enterprise” deployment techniques

There are a number of ways you can deploy Mac OS X. The tools and techniques used have evolved rapidly over the past few years. In this blog post I will summarize each deployment technique, explain our view on scenarios where you would use one over another and how new options such as DEP have moved things along.

The main methods we will discuss are:

  • Monolithic (traditional) imaging
  • Modular imaging (base OS image + packages and settings)
  • Thin imaging (just packages and settings)
  • User self-service

1. Monolithic (traditional) Imaging

This method has been around for some time.  Back in the heyday of NetRestore, this was the cool new way to deploy Macs (iOS didn’t exist!).  You would get your hands on a model Mac, typically the highest spec that had the most hardware features, install all of the software packages you needed and configure machine level settings, such as the Login Window layout and sharing preferences.

Once you were happy with the setup, you would create a disk image of the hard drive using hdiutil, Disk Utility or another tool, scan the image for block restoration and then deploy it to the rest of the Macs that you needed to set up. The end result was a set of identically configured Macs, so from that perspective it was a working process.

The downside, however, is when you either spot a problem with the configuration or an update is released just as you finish.  I had lots of situations where I would spot a minor imperfection in the image, meaning hours of work to deploy the image to the model Mac, correct the flaw, and then create a new image.

Each time I did this, the chance of unwittingly introducing a new flaw was high.  Updates being released just as you finished rolling out the image happened a lot as well.  There was nothing worse than creating your great new 10.2.3 OS X image with everything just as you need it, only for Apple to release the 10.2.4 update the next day.

This obviously brings up a flaw with the patch management processes, which were often non-existent.

We could, of course, add in a software update server to handle the Apple updates but what about Office, database apps, Silverlight, Flash, etc.?

In many cases, organisations just froze in time. They deployed their image, and that was it until the hardware was due to be refreshed.  Good from a change management point of view, not good from a functionality or security standpoint.

2. Modular Imaging (base OS image + packages and settings)

Modular imaging has also been around for a while, although adoption has been slower.  The basic idea is to separate out each part of your intended build into a base OS (with any necessary updates), the applications the users need, and finally any settings you would like to be configured from the start.  Each aspect of the final build is stored as either a package installer or a script that would run when the target Mac first boots.

There are three key benefits to this approach:

  • It’s easier to update or fix one part of a build than recreate the whole thing
  • It’s easier to update part of the build if a patch for a particular bit of software is released
  • You can create multiple “workflows” without having to store multiple monolithic images

For these reasons, you would assume this would always be the preferred method over monolithic imaging.  So why has adoption been slow?

The first (and probably the main) reason is an increase in technical difficulty.  When you’re creating a monolithic image you can ‘see’ what you are doing, it’s just like setting up a normal Mac and then taking a snapshot of its state.  With modular imaging, you have to learn a few new skills including scripting and software packaging.

The second reason is that it’s newer.  There are some techs out there that know how to create a monolithic image and are happy with the results. And, from a time investment perspective, they don’t want to spend time learning a new way to achieve the same goal.

At Amsys, we switched to modular imaging a few years ago and saw the benefits almost immediately. Once we had worked out how to package some of the trickier apps and some of the scripts that were needed we could create customised builds for our clients in much less time.

3. Thin Imaging (just packages and settings)

Thin imaging is one of the newest techniques.  It is quite similar to modular imaging, just without an OS.  The assumption here is that Macs from Apple come with a perfectly good, pre-installed OS, so why spend time wiping it, only to put the same thing back on the machine before adding the apps and settings.

With thin imaging, you take a Mac out of the box and run a workflow that installs the apps you have packaged and adds any settings that you need.

Some of the benefits for thin imaging are:

  • Time saved as you aren’t capturing / packaging a base OS
  • Time saved as you aren’t deploying an entire OS
  • You are less likely to introduce issues by replacing the OS (incorrect hardware extensions, etc.)

With this style of imaging, there are some other added benefits.  For example, you can take a machine that has already been set up by the user and deploy your company apps and configuration to it.  As you’re not wiping the drive there isn’t a risk of upsetting the user by deleting all of their data!

A potential negative, however, is the lack of a proper “imaging” option.  “Re-imaging” has long been seen as a way to eradicate problems from machines as it can return them to a known working state.  As thin imaging only adds to the target machine, it wouldn’t be a suitable option for removing a pre-existing problem.

That being said, thin imaging and modular imaging can co-exist. At Amsys, we quite often set up both options. Once we have created a modular imaging workflow that can lay down an OS, it is only a few minutes’ work to create a separate workflow that performs all the same actions, just without a base operating system.

If the option of erasing the machines is a requirement, but you’d rather not “re-image” in the traditional sense, you can create an OS X installation package using a tool like createOSXinstallPkg. This script generates a package that can be installed as part of your thin imaging workflow, but performs a standard OS X installation. If you include a step to erase the target drive before installing, the result will be very similar to a modular build.

4. User self-service

The final deployment method I would like to talk about is user self-service.  The first three methods I have described are quite similar.  Some of the tools and techniques are different, but the underlying processes are the same, as are the results.

User self-service takes a different approach entirely and simply provides a mechanism for the user to install the apps and settings they need.  Some organisations I have worked with that have very large numbers of Macs (usually over 1,000 devices) are using this method.  It could be that it took that quantity of machines to force them to think of more efficient ways to get the machines out to the users.

One of the major benefits is the lack of IT involvement.  The IT team need to ensure that the catalog of packages and settings are tested and functional, and that there is a simple way to present these to the users (such as JAMF Software’s Self Service), but once this is done, the user only needs to enrol their device, launch the app and choose what they need.

This can be extremely handy if a user is in a remote location.  If they have a major hardware breakdown, they can go to their nearest Apple Store, buy a new Mac, enrol with the management system and open up Self Service to get going.  No IT involvement needed.

With Apple’s DEP (Device Enrollment Program) now, the users don’t even need to enrol.  They unbox their new Mac, complete the setup assistant and they are ready to go.

Conclusion

There are some projects we have been working on recently that I simply couldn’t imagine finishing without some of the newer deployment methods.  Tools like Casper and Munki have created some new and interesting workflows that are really helping to reduce the manual effort needed to deploy large numbers of machines consistently.

While monolithic imaging is rarely used, I couldn’t really say that any one of the other techniques described is the best; it really just depends on the scale of the deployment project, the location of the devices and users and what you want from the final setup.

Get SendEmail working with Yosemite and Mavericks

A while back, we found a nice little command line tool to send emails with authentication settings, custom subjects, etc., without using any of the built in email sending tools. This was handy for situations where a client might have various restrictions in place such as a relay server that requires authentication and / or a specific sender address to allow the emails to pass through.

The tool is called “SendEmail” and is available from the Caspian webpage for free! We commonly used this with a number of custom client-side notification systems.

Sounds handy, what changed?

Mavericks:

Well, the solution is a script written in Perl, making use of the default Perl installation and modules. With Mavericks, Apple added a newer default version of Perl, with which the script could not use the SSL module for SSL communications.

The main issue is that the developer is no longer actively developing this tool and so there is no full patch for the issue. After a short while, one of the commenters on the page posted a simple fix that involves editing the SendEmail tool to use the older, yet still included version of Perl, 5.12.

The fix is to open the script in a text editor (avoid TextEdit and use the free TextWrangler if possible), and modify the first line from:

#!/usr/bin/perl -w

To:

#!/usr/bin/perl5.12 -w

And save the new script. This should now work fine in Mavericks.

Yosemite:

With Yosemite, Apple removed the older Perl version meaning that the above fix no longer works. We have to make some more tweaks to the script and grab the single required module from the Perl 5.12 modules.

1. Find the Perl 5.12 Extras directory on a copy of Mac OS X Mavericks or Mountain Lion. This is located at “/System/Library/Perl/Extras/5.12”.

2. Grab the specific SSL.pm Perl Module from “/System/Library/Perl/Extras/5.12/IO/Socket/SSL.pm” and copy this to a location of your choosing. We typically use a /Library folder for our installations. E.g. “/Library/Amsys/Perl5.12/”. I would suggest you do the same and DO NOT modify your own “/System/Library” folder contents (this is because this area is Apple’s domain so any updates and definitely any upgrades will replace this folder).

3. Reopen the SendEmail script in a text editor of your choice.

4. If you made the above changes for Mavericks, we need to reverse these to use the default Perl language version. Modify the first line from:

#!/usr/bin/perl5.12 -w

Back to:

#!/usr/bin/perl -w

5. Now we need to tell the SendEmail script to use the extra SSL Module we have grabbed. Around lines 128 to 133 you’ll see this:

## Load IO::Socket::SSL if it's available
eval { require IO::Socket::SSL; };
if ($@) { $conf{'tls_client'} = 0; }
else { $conf{'tls_client'} = 1; }

Change this to:

## Load IO::Socket::SSL if it's available
use lib '/Library/Amsys/Perl5.12';
use SSL;
#eval { require IO::Socket::SSL; };
if ($@) { $conf{'tls_client'} = 0; }
else { $conf{'tls_client'} = 1; }

And change the path in the ‘use lib’ line to the location where you have put your Perl v5.12 SSL.pm module file.

6. Run some tests and checks and this should all work. If you’re having issues, check that the Library folder/s and the SSL.pm file are owned by Root with 755 as the permissions (or however your specific implementation requires them).
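
The ownership and permissions check from step 6 can be scripted. The following is an added example, not part of SendEmail or of the original post; the function names are made up for illustration and the path in the usage comment is the example location from step 2. A Perl script runs whatever SSL.pm it finds on its ‘use lib’ path, so neither the file nor the folders above it should be writable by any account other than the owner.

```shell
#!/bin/sh
# Added example, not part of SendEmail or the original post.
# Checks that a Perl module pulled in with 'use lib' can only be changed
# by its owner, so a script does not load code from a location that
# another account can write to. Function names are hypothetical.

# locked_down PATH OWNER_UID
# True when PATH exists, is not a symlink, belongs to OWNER_UID and has
# no group- or world-write bit (755 and 644 pass, 775 and 777 fail).
locked_down() {
    [ -e "$1" ] && [ ! -L "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$2" ! -perm -020 ! -perm -002 -print)" ]
}

# check_module_chain FILE TOP_DIR [OWNER_UID]
# Checks FILE and every directory from its parent up to and including
# TOP_DIR. Prints each offending path; returns 1 if any check fails and
# 2 if FILE does not live under TOP_DIR.
check_module_chain() {
    file=$1
    top=${2%/}
    owner=${3:-0}              # root unless told otherwise
    rc=0

    case "$file" in
        "$top"/*) ;;
        *) echo "not under $top: $file" >&2; return 2 ;;
    esac

    p=$file
    while :; do
        if ! locked_down "$p" "$owner"; then
            echo "FAIL $p"
            rc=1
        fi
        # Stop once TOP_DIR has been checked (or the filesystem root is hit)
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return "$rc"
}

# Stand-alone use with the example location from step 2:
#   sh check_module.sh /Library/Amsys/Perl5.12/SSL.pm /Library/Amsys
if [ "$#" -ge 2 ]; then
    check_module_chain "$@"
fi
```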

Looking Forward

OK, I confess, this is a large bit of gaffer tape stuck over cracks in the script, but it’ll get most people who may use it out of a hole with the least amount of faff.

In the future, I’ll need to tear the script apart and find out what specifically it doesn’t like with the SSL module in the newer versions of Perl and correct this. As with most IT guys, it’s on a ‘To Do’ list, just not very high up it!

Summary

I hope this helps anyone else who uses SendEmail to continue using a nice little tool for command line email sending!

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

Amsys’ Yosemite Advanced Deployment course is here!

Over the last few years, my fellow trainers and I have been teaching our advanced Apple IT courses to a wide range of IT professionals who need to extend their OS X knowledge beyond Apple’s ACTC certification.

Last week, I delivered our very first OS X Yosemite training course, an updated beta version of our Advanced Deployment course.

Over the last couple of months, I’ve been thinking about how I can make this course bigger and better (and more enjoyable)!

Now that Yosemite has arrived, I’ve managed to pack in more features and tools for administrators to play with. The Advanced Deployment course for 10.10 is all about hands-on labs, with plenty of time to get your hands dirty by trying out different deployment scenarios and solutions.

I’ve added lots of third-party tools into the mix as demos, discussion points and exercises. These sessions will provide valuable real-world context, as these tools complement OS X’s built-in installation and deployment software and have become essential to many Mac Admins.

This 3 day intensive course is ideal for IT professionals who require an in-depth knowledge on deploying OS X systems and its software.

Students on the first course really enjoyed our hands on approach to training, with one commenting:

“The course will be very useful to me as it has expanded my knowledge on deployment. I handle all the deployments at my work, and I am also considering incorporating an MDM, this course has really opened my eyes to the options available in leveraging a combined deployment and MDM solution.

Being on the first beta of this course meant I was able to ask the questions I needed to ask without disturbing the progress of the course. Having the ability to test out Yosemite so close to its release date was fantastic. Russell also encouraged and assisted me in testing out my own theories and scenarios instead of performing the documented course exercises.”

What the Advanced Deployment course will teach you:

  • How to plan and develop a comprehensive, stable Mac Deployment strategy – including customizing deployed systems and implementation of all methods of deployment, from deploying single files to multiple OS X Systems.
  • Create a comprehensive Deployment planning checklist and Service-Level Agreement (SLA).
  • How to create, deploy and enforce Usage Policies on Apple devices.
  • Understand how the OS X Yosemite file system functions and how it handles file, folder and package installation.
  • Understand OS X installer Packages. Creating, customising, securing and deploying installer packages.
  • How the Mac App Store works. Ownership of Apps, downloading Apps, Volume License Agreement (VLA) and Volume Purchase Program (VPP).
  • Understand the built-in security features of OS X (such as GateKeeper and FileVault 2) and how to work with these during Deployment.
  • Third-party imaging and deployment tools, including Iceberg, Packages, AutoPkg, Munki and Casper.

Plus much more! Read the Yosemite Advanced Deployment course in full here.

If you want to learn how to deploy a fleet of Macs, then come along to one of our Advanced Deployment courses in Central London, South London or Manchester. In the meantime, keep an eye out for new announcements as we release updated and new courses on OS X Yosemite and iOS 8!

Yosemite: JavaScript for Automation

The Open Scripting Architecture for OS X has been around for a long time and has provided a standard and extensible mechanism for scripting applications and services on OS X.

AppleScript has been the staple OSA language for years, but with Yosemite, Apple have added JavaScript.

JavaScript can be used in Script Editor, through the Run JavaScript Automator action, and from the Terminal.

Apple has some great documentation, which is available here.

So, for example, take this simple piece of AppleScript that composes a new email along with a subject and message:

tell application "Mail"
    set myMessage to make new outgoing message with properties {visible:true, subject:"My Test Email", content:"Hello World"}
end tell


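The JavaScript equivalent would be:

// Get a scripting reference to the Mail application.
var Mail = Application('Mail');
var content = "Hello World";

// Build a new outgoing message with the same properties as the AppleScript version.
var msg = Mail.OutgoingMessage({
    subject: "My Test Email",
    content: content,
    visible: true
});

// Add the message to Mail's outgoing messages and bring Mail to the front.
Mail.outgoingMessages.push(msg);
Mail.activate();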

So, if you have JavaScript skills, you can start using them to automate the Mac.

If you are not sure what properties are available for an app, open its dictionary in Script Editor, which can now list them for either AppleScript or JavaScript.

Apple has even added an Objective-C bridge, allowing JavaScript to access Objective-C frameworks.
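
The Terminal route and the Objective-C bridge mentioned above, combined in an added example (not from the original post or from Apple's documentation): osascript hands its command-line arguments to a run(argv) handler. The file name compose.js and the helper names buildMessageProps and hostNameViaBridge are assumptions made for the illustration.

```javascript
// compose.js -- added example; run on OS X 10.10 or later with:
//   osascript -l JavaScript compose.js "My Test Email" "Hello World"

// Validate command-line arguments and turn them into OutgoingMessage properties.
// Arguments are only ever used as data; they are never evaluated as script source.
function buildMessageProps(argv) {
    if (!Array.isArray(argv) || argv.length !== 2) {
        throw new Error('usage: compose.js <subject> <content>');
    }
    // Collapse line breaks so the subject stays a single line.
    var subject = String(argv[0]).replace(/[\r\n]+/g, ' ').trim();
    var content = String(argv[1]);
    if (subject.length === 0) {
        throw new Error('subject must not be empty');
    }
    // visible: true keeps the draft on screen so the user reviews it before sending.
    return { subject: subject, content: content, visible: true };
}

// Objective-C bridge: read the host name through Foundation's NSProcessInfo.
// Returns null outside JXA, where the ObjC global does not exist.
function hostNameViaBridge() {
    if (typeof ObjC === 'undefined') {
        return null;
    }
    ObjC.import('Foundation');
    return ObjC.unwrap($.NSProcessInfo.processInfo.hostName);
}

// osascript calls run(argv) with the arguments that follow the script name.
function run(argv) {
    var props = buildMessageProps(argv);
    var host = hostNameViaBridge();
    if (host !== null) {
        props.content += '\n\nSent from ' + host;
    }
    var Mail = Application('Mail');
    var msg = Mail.OutgoingMessage(props);
    Mail.outgoingMessages.push(msg);
    Mail.activate();
    return 'Draft created: ' + props.subject;
}
```

The value returned from run is printed by osascript, so the script reports which draft it created.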

This really opens up a new chapter in OS X Automation.

 

Enjoy